The syslog-ng 3.0 Administrator Guide

Procedure 5.4.1. Enabling encrypted connections

1. Start the configuration interface of the syslog-ng Agent for Windows application.

2. Select syslog-ng Agent Settings > Destinations > Network, and double-click on IPv4.

3. Select the server that accepts encrypted connections and click Edit.

4. Select the Use SSL option.

   	Warning
   	The connection can be established only if the Certificate Authority (CA) that issued the certificate of the server is available in the Certificate Store (MMC > Certificates > Computer Account > Local Computer > Trusted Root Certificates) of the Windows-based host. See Section 5.4.3, “Importing certificates with the Microsoft Management Console” for details on importing certificates.

   Note

   The subject_alt_name parameter (or the Common Name parameter if the subject_alt_name parameter is empty) of the server's certificate must contain the hostname or the IP address (as resolved from the syslog-ng clients and relays) of the server (e.g., syslog-ng.example.com). Alternatively, the Common Name or the subject_alt_name parameter can contain a generic hostname, e.g., *.example.com. Note that if the Common Name of the certificate contains a generic hostname, do not specify a specific hostname or an IP address in the subject_alt_name parameter.

5. Select Apply, then OK. To activate the changes, restart the syslog-ng Agent service.