Open cellnuscyrus opened 8 years ago
I followed the instruction to create private CA using the command "secure-forward-ca-generate" . The secure forward connection fail and show the error message as below.
fluentd node : Log : 2016-09-28 16:50:58 +0800 [warn]: plugin/output_node.rb:301:rescue in connect: failed to establish SSL connection error_class=OpenSSL::SSL::SSLError error=#<OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=error: certificate verify failed> host="XXX.XXX.XXX.XXX" address="XXX.XXX.XXX.XXX" port=24284
2016-09-28 16:50:58 +0800 [warn]: plugin/output_node.rb:301:rescue in connect: failed to establish SSL connection error_class=OpenSSL::SSL::SSLError error=#<OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=error: certificate verify failed> host="XXX.XXX.XXX.XXX" address="XXX.XXX.XXX.XXX" port=24284
Config : <match *.**> type secure_forward retry_limit 9 shared_key XXXXXXXX secure yes self_hostname xxx.xxxxxxxx.com ca_cert_path /etc/td-agent/ca_cert.pem
fluentd aggerator : Log : 2016-09-28 16:51:01 +0800 [debug]: plugin/input_session.rb:154:rescue in start: failed to establish ssl session error_class=OpenSSL::SSL::SSLError error=#<OpenSSL::SSL::SSLError: SSL_accept returned=1 errno=0 state=SSLv3 read client certificate A: tlsv1 alert unknown ca>
2016-09-28 16:51:01 +0800 [debug]: plugin/input_session.rb:154:rescue in start: failed to establish ssl session error_class=OpenSSL::SSL::SSLError error=#<OpenSSL::SSL::SSLError: SSL_accept returned=1 errno=0 state=SSLv3 read client certificate A: tlsv1 alert unknown ca>
Config :
type secure_forward shared_key XXXXXXXXX self_hostname xxx.xxxxxxx.xom secure yes cert_auto_generate yes ca_cert_path /etc/td-agent/ca_cert.pem ca_private_key_path /etc/td-agent/ca_key.pem ca_private_key_passphrase XXXXXXXXX
Is it need to generate a certificate manually instead of "secure-forward-ca-generate"?
I followed the instruction to create private CA using the command "secure-forward-ca-generate" . The secure forward connection fail and show the error message as below.
fluentd node : Log :
2016-09-28 16:50:58 +0800 [warn]: plugin/output_node.rb:301:rescue in connect: failed to establish SSL connection error_class=OpenSSL::SSL::SSLError error=#<OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 state=error: certificate verify failed> host="XXX.XXX.XXX.XXX" address="XXX.XXX.XXX.XXX" port=24284Config : <match *.**> type secure_forward retry_limit 9 shared_key XXXXXXXX secure yes self_hostname xxx.xxxxxxxx.com ca_cert_path /etc/td-agent/ca_cert.pem
fluentd aggerator : Log :
2016-09-28 16:51:01 +0800 [debug]: plugin/input_session.rb:154:rescue in start: failed to establish ssl session error_class=OpenSSL::SSL::SSLError error=#<OpenSSL::SSL::SSLError: SSL_accept returned=1 errno=0 state=SSLv3 read client certificate A: tlsv1 alert unknown ca>Config :
type secure_forward shared_key XXXXXXXXX self_hostname xxx.xxxxxxx.xom secure yes cert_auto_generate yes ca_cert_path /etc/td-agent/ca_cert.pem ca_private_key_path /etc/td-agent/ca_key.pem ca_private_key_passphrase XXXXXXXXX
Is it need to generate a certificate manually instead of "secure-forward-ca-generate"?