Solved

issue with enabling secure messaging for syslog

  • 3 April 2023
  • 5 replies
  • 132 views

Userlevel 3
Badge +13

CS 2019 standard - 192.168.2.12
syslog: rhel 8.7 - 192.168.2.177

tls port : 6514
v11.29.44

https://documentation.commvault.com/2022e/essential/114237_configuring_syslog_server.html
 

#1 I created a CA on the syslog server and then created a self-signed certificate for my server named "cs1.pem" and imported it into the "Trusted Root Certification Authorities" folder of the CS server and imported the CA cert into the system-wide trust store (certutil -d /etc/pki/nssdb -A -t "C,," -n <nickname> -i <path to CA file>)

#2 I successfully enabled secure messaging through the admin center with this self-signed cert.

#3 Issue:

However, when CS tried to connect/send data to my syslog server, it encountered an error message saying "GnuTLS handshake retry returned error: Decryption has failed."

Tried:

To investigate the issue, I captured some packets using tcpdump, which showed that the problem was caused by an "Unknown CA" error, though the CA has been imported into the trust store of the syslog server and the CS server.
I also noticed that the syslog server was using TLSv1.3 instead of TLSv1.2.

 

10613    10:40:19.884741    0.000353    192.168.2.12    192.168.2.177    TCP    60    35016 → 6514 [ACK] Seq=1 Ack=1 Win=2102272 Len=0
10614    10:40:19.885813    0.001072    192.168.2.12    192.168.2.177    TLSv1.3    343    Client Hello
10615    10:40:19.885836    0.000023    192.168.2.177    192.168.2.12    TCP    54    6514 → 35016 [ACK] Seq=1 Ack=290 Win=30336 Len=0
10616    10:40:19.886546    0.000710    192.168.2.177    192.168.2.12    TLSv1.3    187    Server Hello, Change Cipher Spec
10617    10:40:19.891113    0.004567    192.168.2.177    192.168.2.12    TLSv1.3    1514    Application Data, Application Data, Application Data
10618    10:40:19.891426    0.000313    192.168.2.12    192.168.2.177    TCP    60    35016 → 6514 [ACK] Seq=290 Ack=1594 Win=2102272 Len=0
10619    10:40:19.891444    0.000018    192.168.2.177    192.168.2.12    TLSv1.3    370    Application Data, Application Data
10620    10:40:19.892325    0.000881    192.168.2.12    192.168.2.177    TLSv1.3    61    Alert (Level: Fatal, Description: Unknown CA)


Best answer by Damian Andre 5 April 2023, 08:45
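Added example, not part of the original post: a small Python parser over the capture lines pasted above that reports which endpoint sent the fatal alert. A TLS "Unknown CA" alert is sent by the side that could not chain the peer's certificate to a CA it trusts, so the sender is the host whose trust store needs checking; the function and field names are illustrative, and a single connection per capture is assumed.

```python
import re

# Capture rows copied from the post above (Wireshark text export).
# Columns: no, time, delta, source, destination, protocol, length, info
CAPTURE = """\
10613    10:40:19.884741    0.000353    192.168.2.12    192.168.2.177    TCP    60    35016 → 6514 [ACK] Seq=1 Ack=1 Win=2102272 Len=0
10614    10:40:19.885813    0.001072    192.168.2.12    192.168.2.177    TLSv1.3    343    Client Hello
10615    10:40:19.885836    0.000023    192.168.2.177    192.168.2.12    TCP    54    6514 → 35016 [ACK] Seq=1 Ack=290 Win=30336 Len=0
10616    10:40:19.886546    0.000710    192.168.2.177    192.168.2.12    TLSv1.3    187    Server Hello, Change Cipher Spec
10617    10:40:19.891113    0.004567    192.168.2.177    192.168.2.12    TLSv1.3    1514    Application Data, Application Data, Application Data
10618    10:40:19.891426    0.000313    192.168.2.12    192.168.2.177    TCP    60    35016 → 6514 [ACK] Seq=290 Ack=1594 Win=2102272 Len=0
10619    10:40:19.891444    0.000018    192.168.2.177    192.168.2.12    TLSv1.3    370    Application Data, Application Data
10620    10:40:19.892325    0.000881    192.168.2.12    192.168.2.177    TLSv1.3    61    Alert (Level: Fatal, Description: Unknown CA)
"""

ROW = re.compile(r"^\s*(\d+)\s+\S+\s+\S+\s+(\S+)\s+(\S+)\s+(\S+)\s+\d+\s+(.*)$")
ALERT = re.compile(r"Alert \(Level: (\w+), Description: ([^)]+)\)")

def parse_rows(text):
    """Split each export row into frame number, endpoints, protocol and info."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append(dict(zip(("no", "src", "dst", "proto", "info"), m.groups())))
    return rows

def diagnose(text):
    """Return one finding per TLS alert, naming the sender and its role."""
    rows = parse_rows(text)
    hello = next((r for r in rows if "Client Hello" in r["info"]), None)
    if hello is None:
        return []  # without a Client Hello the roles cannot be assigned
    client, server = hello["src"], hello["dst"]
    findings = []
    for r in rows:
        m = ALERT.search(r["info"])
        if not m or {r["src"], r["dst"]} != {client, server}:
            continue
        findings.append({
            "frame": int(r["no"]), "level": m.group(1), "description": m.group(2),
            "sent_by": r["src"],  # for Unknown CA: this host's trust store lacks the issuer
            "role": "client" if r["src"] == client else "server",
            "rejected_peer": r["dst"],  # the endpoint whose certificate chain was refused
        })
    return findings

if __name__ == "__main__":
    print(diagnose(CAPTURE))
```

On this capture the alert comes from 192.168.2.12, the host that sent the Client Hello, so the rejection happened while that host validated the certificate chain presented by 192.168.2.177.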


5 replies

Userlevel 7
Badge +23

Hey @DanC,

You have me stumped 😅 - given the amount of troubleshooting you have done so far, I think it's probably best to check this out as a support case, so the team can dive into the logs or enable advanced debugging.

Userlevel 3
Badge +13

@Damian Andre thank you and will do

Badge +6

Sorry to comment on an older thread, but was this ever resolved? I have an issue with 11:30 failing secure handshake with an application for syslog collection.

Userlevel 7
Badge +23

Hi @Glenno,

There is an ongoing support case - however it seems that the system is not accepting a certificate from an unknown CA - i.e. it expects a public CA, not a self-created one. However it should be working if inserted into the local trust store, so still figuring it out.

You could try something like https://letsencrypt.org/ which is free and uses a public CA for signing and see if that works.

Badge +6

Hi @Damian Andre

Thanks for the feedback. Greatly appreciated.
