Tâche #29101
Scénario #23149: Envoi de logs : revoir la façon dont sont gérés les certificats utilisés par rsyslog
Générer/fournir un certificat
Start date:
10/14/2019
Due date:
% Done:
100%
Remaining (hours):
0.0
Description
La CA /etc/rsyslog.d/ssl/certs/zephirlog_ca.pem n'est plus généré.
Associated revisions
set correct certs and ca files for rsyslog ref #29101
set correct certs and ca files for rsyslog ref #29101
set certs files ref #29101
set tls certs for client ref #29101
History
#1 Updated by Matthieu Lamalle almost 4 years ago
- Description updated (diff)
#2 Updated by Matthieu Lamalle almost 4 years ago
On va utiliser le fichier /etc/ssl/certs/ca_local.crt, et se servir des variables server_cert, server_key et server_pem pour les utiliser dans rsyslog.
Un script posttemplate va s'occuper de les copier au bon endroit avec les bons droits.
#3 Updated by Matthieu Lamalle almost 4 years ago
- Assigned To set to Matthieu Lamalle
#4 Updated by Matthieu Lamalle almost 4 years ago
- Status changed from Nouveau to En cours
#5 Updated by Matthieu Lamalle almost 4 years ago
- Status changed from En cours to Résolu
#6 Updated by Joël Cuissinat almost 4 years ago
- Status changed from Résolu to Fermé
- % Done changed from 0 to 100
- Remaining (hours) set to 0.0
root@eolebase:~# for var in rsyslog_ca_file rsyslog_cert_file rsyslog_privkey_file;do ls -al "$(CreoleGet $var)";done -rw-r--r-- 1 root root 1776 oct. 30 12:03 /etc/ssl/certs/ca_local.crt -rw-r--r-- 1 syslog syslog 1460 oct. 30 12:03 /etc/rsyslog.d/ssl/certs/rsyslog.crt -rw------- 1 syslog syslog 1679 oct. 30 12:03 /etc/rsyslog.d/ssl/private/rsyslog.key