
syslog secure tcp issue


Hi all,

I updated Infoblox from version 8.4.8 to version 9.0.3.

Since then, I no longer have encrypted syslog flows (Secure TCP). This error is present because my CA root certificate is not compliant with RFC 5280. I should specify that I cannot re-sign the CA root certificate at the moment.

In version 8.4.8, Infoblox accepted the non-compliance of the CA root certificate. In version 9.0.3, Infoblox seems to refuse our non-compliant CA root certificate.

Do you know of a way to bypass this verification for the syslog-ng process?

Have a good day.

Re: syslog secure tcp issue


Hello,

Romain upgraded Infoblox from version 8.4.8 to 9.0.3. Since the upgrade, secure syslog traffic using Secure TCP is no longer working. The reason seems to be a non-compliant CA root certificate used for encryption. Re-signing the CA root certificate is not currently an option.

If possible, consider prioritizing this solution. Upgrading the CA root certificate to comply with RFC 5280 is the most secure approach. This ensures a strong foundation for encrypted communication.

Downgrading software is generally not recommended due to potential security vulnerabilities and bug fixes not present in older versions.

Infoblox documentation or forums might have information about alternative configuration options related to certificate verification for syslog-ng.

Using a non-compliant CA root certificate can compromise the security of your encrypted syslog traffic.

Upgrading the CA root certificate to comply with RFC 5280 is the most secure and recommended approach. If that's not possible immediately, consider the temporary solution of downgrading Infoblox with the understanding of the associated security risks. Avoid bypassing certificate verification unless absolutely necessary and only after thoroughly understanding the implications.
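
For readers hitting the same rejection, here is an added example (not part of either post and not Infoblox tooling) that lists which RFC 5280 CA-profile requirements a root certificate misses, so the re-issue can be planned. It checks only a few common requirements against the text dump from `openssl x509 -noout -text`; which rule NIOS 9.0.3 enforces is not stated in the thread, and the sample certificate and function names are constructed for illustration.

```python
import re
import subprocess
import sys

# Constructed sample: trimmed `openssl x509 -noout -text` dump of a hypothetical legacy root.
LEGACY_ROOT = """\
Certificate:
    Data:
        Version: 3 (0x2)
        Subject: CN = Example Legacy Root
        X509v3 extensions:
            X509v3 Basic Constraints:
                CA:TRUE
"""

def ext(text, name):
    """Return (is_critical, value_line) for a named extension, or None if absent."""
    m = re.search(rf"{re.escape(name)}:[ \t]*(critical)?[ \t]*\r?\n[ \t]*(.+)", text)
    return (m.group(1) is not None, m.group(2).strip()) if m else None

def ca_findings(text):
    """List RFC 5280 CA-profile requirements that the dumped certificate misses."""
    findings = []
    ver = re.search(r"^\s*Version:\s*(\d+)", text, re.M)
    if not ver or ver.group(1) != "3":
        findings.append("not X.509 v3 (RFC 5280 4.1.2.1)")
    bc = ext(text, "X509v3 Basic Constraints")
    if bc is None:
        findings.append("basicConstraints missing (4.2.1.9)")
    else:
        if "CA:TRUE" not in bc[1]:
            findings.append("basicConstraints lacks CA:TRUE (4.2.1.9)")
        if not bc[0]:
            findings.append("basicConstraints not critical (4.2.1.9)")
    ku = ext(text, "X509v3 Key Usage")
    if ku is None:
        findings.append("keyUsage missing (4.2.1.3)")
    elif "Certificate Sign" not in ku[1]:
        findings.append("keyUsage lacks keyCertSign (4.2.1.3)")
    return findings

if __name__ == "__main__":
    # With a PEM path, dump the real certificate; otherwise use the constructed sample.
    if len(sys.argv) > 1:
        cmd = ["openssl", "x509", "-in", sys.argv[1], "-noout", "-text"]
        text = subprocess.run(cmd, capture_output=True, text=True, check=True).stdout
    else:
        text = LEGACY_ROOT
    for finding in ca_findings(text) or ["no findings from these checks"]:
        print(finding)
```

An empty result means only that these particular checks passed, not that the certificate is fully RFC 5280 conformant.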
