CS 2019 standard - 192.168.2.12
syslog: rhel 8.7 - 192.168.2.177
tls port : 6514
v11.29.44
https://documentation.commvault.com/2022e/essential/114237_configuring_syslog_server.html
#1 I created a CA on the syslog server and then created a self-signed certificate for my server named "cs1.pem", imported it into the "Trusted Root Certification Authorities" folder of the CS server, and imported the CA cert into the system-wide trust store (certutil -d /etc/pki/nssdb -A -t "C,," -n <nickname> -i <path to CA file>)
#2 I successfully enabled secure messaging through the admin center with this self-signed cert.
#3 Issue:
However, when the CS tried to connect/send data to my syslog server, it encountered an error message saying "GnuTLS handshake retry returned error: Decryption has failed."
Tried:
To investigate the issue, I captured some packets using tcpdump, which showed that the problem was caused by an "Unknown CA" error, though the CA has been imported into the trust stores of both the syslog server and the CS server.
I also noticed that the syslog server was using TLSv1.3 instead of TLSv1.2.
10613 10:40:19.884741 0.000353 192.168.2.12 192.168.2.177 TCP 60 35016 → 6514 [ACK] Seq=1 Ack=1 Win=2102272 Len=0
10614 10:40:19.885813 0.001072 192.168.2.12 192.168.2.177 TLSv1.3 343 Client Hello
10615 10:40:19.885836 0.000023 192.168.2.177 192.168.2.12 TCP 54 6514 → 35016 [ACK] Seq=1 Ack=290 Win=30336 Len=0
10616 10:40:19.886546 0.000710 192.168.2.177 192.168.2.12 TLSv1.3 187 Server Hello, Change Cipher Spec
10617 10:40:19.891113 0.004567 192.168.2.177 192.168.2.12 TLSv1.3 1514 Application Data, Application Data, Application Data
10618 10:40:19.891426 0.000313 192.168.2.12 192.168.2.177 TCP 60 35016 → 6514 [ACK] Seq=290 Ack=1594 Win=2102272 Len=0
10619 10:40:19.891444 0.000018 192.168.2.177 192.168.2.12 TLSv1.3 370 Application Data, Application Data
10620 10:40:19.892325 0.000881 192.168.2.12 192.168.2.177 TLSv1.3 61 Alert (Level: Fatal, Description: Unknown CA)