duosecurity / duo_log_sync

MIT License

SSL error with self-signed certificate #26

Open geoffbernard-bw opened 2 years ago

geoffbernard-bw commented 2 years ago

I'm setting up DLS on Windows (Python 3.8) and I can't figure out how to set up TCPSSL.

I connected to my SIEM (Alienvault) using a browser & saved the certificate. I placed that cert in the DLS home directory & added the .cer file to the config under cert_filepath. When I run DuoLogSync, I get an error.

Shutting down due to SSL: CERTIFICATE_VERIFY_FAILED certificate verify failed: self signed certificate in certificate chain (_ssl.c:997)

I did multiple searches but was unable to find anything regarding certificates. Some older articles reference a "cert_dir" directive which doesn't exist in the template_config.yml file so this only adds to my confusion. Is there an opportunity to update the documentation to include a section on SSL?

1 - Was I supposed to grab the certificate from the server?
2 - If using the server certificate, should I also have the private key saved in the same directory?
3 - Should I instead be using a new self-signed client certificate?

I can't move forward with this as I don't even want to test without SSL. Any guidance would be greatly appreciated.

Thanks in advance. Geoff

geoffbernard-bw commented 2 years ago

I tried installing OpenSSL & created a self-signed certificate. I'm getting the same error. I then created an export of our CA signed wildcard certificate. Exported private keys & entire cert chain. Used OpenSSL to extract keys & certs then saved to a folder. Updated config to use this new cert. Still getting self-signed cert error.

Is there a way to bypass the self-signed check? Can anyone please give me some pointers? I'm happy to do research.

geoffbernard-bw commented 2 years ago

I've still not been able to get this working. We have a CA signed (GoDaddy) wildcard cert that I installed on an Apache Linux server. I took the cert & keyfile from that server and placed them in a folder c:\DuoLogSync\certs. Updated the config file to cert_filepath='C:\DuoLogSync\certs\wildcard.crt' but I still get the self signed cert error.

If anyone has TCPSSL working under Windows, I would be greatly appreciative of any pointers.
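Added example (not duo_log_sync's code and not from the reporter): a small diagnostic that checks what the file named in cert_filepath actually contains and then attempts a verified TLS handshake to the SIEM, translating the OpenSSL verify message into what the trust file is missing. It assumes DLS hands cert_filepath to Python's ssl.create_default_context as the cafile, i.e. the file must hold the CA certificate(s) that issued the SIEM's server certificate, never a private key.

```python
"""Diagnose a TCPSSL trust file: python tls_probe.py <siem-host> <port> <cert_filepath>"""
import re
import socket
import ssl
import sys

# One PEM block: the END label must match the BEGIN label (backreference \1).
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z ]+)-----.*?-----END \1-----", re.S)

# Constructed sample of a file built the way the issue describes (cert + key together).
SAMPLE_BUNDLE = (
    "-----BEGIN CERTIFICATE-----\nMIIB...constructed...\n-----END CERTIFICATE-----\n"
    "-----BEGIN CERTIFICATE-----\nMIIB...constructed...\n-----END CERTIFICATE-----\n"
    "-----BEGIN RSA PRIVATE KEY-----\nMIIE...constructed...\n-----END RSA PRIVATE KEY-----\n"
)

# OpenSSL verify messages (longest first so substring matching picks the right one).
HINTS = [
    ("self signed certificate in certificate chain",
     "the SIEM's chain ends in a private root CA that is not trusted: cert_filepath must "
     "hold that root CA certificate in PEM form, not the DLS host's own cert or key"),
    ("self signed certificate",
     "the SIEM uses a single self-signed server cert: cert_filepath must hold exactly that cert"),
    ("unable to get local issuer certificate",
     "cert_filepath does not contain the issuer of the SIEM's certificate"),
    ("Hostname mismatch",
     "the trust file is fine but the host you connect to is not in the cert's SAN"),
]

def inspect_pem(text):
    """Count PEM blocks by label and flag contents that do not belong in a trust file."""
    counts = {}
    for m in PEM_BLOCK.finditer(text):
        counts[m.group(1)] = counts.get(m.group(1), 0) + 1
    warnings = []
    if counts.get("CERTIFICATE", 0) == 0:
        warnings.append("no CERTIFICATE block: this is not a PEM trust bundle")
    if any("PRIVATE KEY" in label for label in counts):
        warnings.append("contains a PRIVATE KEY: the client never needs the server's key")
    return counts, warnings

def explain(verify_message):
    """Map an ssl.SSLCertVerificationError.verify_message to the likely config fix."""
    for needle, hint in HINTS:
        if needle in verify_message:
            return hint
    return "verification failed: " + verify_message

def probe(host, port, cafile):
    """Verified handshake using only cafile as trust anchor; return (ok, detail)."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=10) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                issuer = dict(x[0] for x in tls.getpeercert()["issuer"])
                return True, "verified; issuer=%s" % issuer.get("commonName", issuer)
    except ssl.SSLCertVerificationError as err:
        return False, explain(err.verify_message)
    except OSError as err:
        return False, "connection failed: %s" % err

if __name__ == "__main__":
    host, port, cafile = sys.argv[1], int(sys.argv[2]), sys.argv[3]
    with open(cafile) as fh:
        counts, warns = inspect_pem(fh.read())
    print("trust file blocks:", counts, *warns, sep="\n  ")
    print("handshake:", *probe(host, port, cafile))
```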