5.4.2. Using mutual authentication with syslog-ng agent

When the syslog-ng server is configured to use mutual authentication, it requests a certificate from the syslog-ng clients. The syslog-ng agent can automatically show the requested certificate to the server when the connection is established if it is available in the Personal Certificates store (MMC > Certificates > Computer Account > Local Computer > Personal Certificates) of the Local Computer. Use the Certificate Import Wizard to import this certificate. See Section 5.4.3, “Importing certificates with the Microsoft Management Console” for details.

Note

If a certificate revocation list (CRL) is available in the Local Computer/Personal Certificates store, the syslog-ng agent verifies that the certificate of the syslog-ng server is not on this list.

Procedure 5.4.2.1. Configuring mutual authentication with the syslog-ng Agent for Windows

If the syslog-ng server requests authentication from the syslog-ng Agent, complete the following steps.

  1. Create certificates for the clients. By default, the syslog-ng agent will look for a certificate that contains the hostname or IP address of the central syslog-ng server in its Common Name. If you use a different Common Name, do not forget to complete Step 3 to set the Common Name of the certificate.

    The certificate must contain the private key and must be in PKCS12 format.

    Tip

    To convert a certificate and a key from PEM format to PKCS12 you can use the following command:

    openssl pkcs12 -export -in agentcertificate.pem -inkey agentprivatekey.pem -out agentcertificatewithkey.pfx

  2. Import this certificate into the Personal Certificate store of the Local Computer using the Certificate Import Wizard. See Section 5.4.3, “Importing certificates with the Microsoft Management Console” for details.

  3. By default, the syslog-ng agent will look for a certificate that contains the hostname or IP address of the central syslog-ng server in its Common Name. (The agent will look for the server name or address set in the Server Name field of the destination.) If the certificate of the client has a different Common Name, complete the following steps:

    1. Start the configuration interface of the syslog-ng Agent for Windows application.

    2. Select syslog-ng Agent Settings > Destinations > Network, and double-click on IPv4.

    3. Select the server that requires mutual authentication and click Edit.

    4. Select the Use SSL option, click Select, then select the certificate to use.

      Note

      A common way is to use the hostname or the IP address of the agent as the Common Name of the certificate (e.g., syslog-ng-agent1.example.com).

  4. Select Apply, then OK. To activate the changes, restart the syslog-ng Agent service.
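The import in Step 2 and the default certificate lookup described in Step 3 can also be done and checked from PowerShell, as in this added example (not part of the syslog-ng documentation or product). The file path, PFX password and server name are placeholders; the store path Cert:\LocalMachine\My is the same store that MMC shows as Certificates (Local Computer) > Personal > Certificates.

```powershell
# Added example, not syslog-ng's own tooling. Run as Administrator: importing
# into the Local Computer store requires elevation.
# Placeholders: adjust the PFX path, its password and the server name.
param(
    [string]$PfxPath     = 'C:\certs\agentcertificatewithkey.pfx',  # placeholder
    [string]$PfxPassword = 'CHANGE-ME',                             # placeholder
    [string]$ServerName  = 'syslog.example.com'                     # value of the destination's Server Name field
)

# Step 2: import the PKCS12 file (certificate plus private key) into the
# Personal store of the Local Computer.
$pw = ConvertTo-SecureString -String $PfxPassword -AsPlainText -Force
Import-PfxCertificate -FilePath $PfxPath -CertStoreLocation 'Cert:\LocalMachine\My' -Password $pw | Out-Null

# Step 3: by default the agent looks for a certificate whose Common Name equals
# the server name configured in the destination. Reproduce that lookup.
function Find-AgentCertificate {
    param([string]$CommonName)
    $pattern = "(^|,\s*)CN=$([regex]::Escape($CommonName))(,|$)"
    Get-ChildItem -Path 'Cert:\LocalMachine\My' |
        Where-Object { $_.Subject -match $pattern } |
        Select-Object -First 1
}

$cert = Find-AgentCertificate -CommonName $ServerName
if (-not $cert) {
    Write-Warning "No certificate with CN=$ServerName in the Personal store. Either issue one with that Common Name or pick the certificate explicitly under Use SSL > Select (Step 3)."
} elseif (-not $cert.HasPrivateKey) {
    Write-Warning "Certificate $($cert.Thumbprint) has no private key. Re-export it as PKCS12 together with the key (see the openssl tip above)."
} elseif ($cert.NotAfter -lt (Get-Date)) {
    Write-Warning "Certificate $($cert.Thumbprint) expired on $($cert.NotAfter); the server will reject it."
} else {
    Write-Output "OK: $($cert.Subject) (thumbprint $($cert.Thumbprint), private key present) can be presented to $ServerName."
}
```

After a successful check, restart the syslog-ng Agent service as Step 4 requires so the agent picks up the new certificate.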


© 2007-2010 BalaBit IT Security
Please send your comments or documentation bugs to: documentation@balabit.com