7.4 Configuring SSL in Analytics Server

This procedure covers channels 7, 8, and 9 in Figure 7-1, SSL Communication Channels.

  1. Generate the Certificate Authority (CA) Certificate.

    1. Create a private key.

      certtool --generate-privkey --outfile ca-key.pem

    2. Create the self-signed certificate.

      certtool --generate-self-signed --load-privkey ca-key.pem --outfile ca.pem

  2. Generate a certificate for the local syslog client (private key).

    1. Create a private key for the syslog agent.

      certtool --generate-privkey --outfile rslclient-key.pem --bits 2048

    2. Generate a certificate request for the syslog client.

      certtool --generate-request --load-privkey rslclient-key.pem --outfile request.pem

    3. Generate a certificate and sign it with the CA private key.

      certtool --generate-certificate --load-request request.pem --outfile rslclient-cert.pem --load-ca-certificate ca.pem --load-ca-privkey ca-key.pem

  3. Generate a certificate for the remote syslog server (private key).

    1. Remove the previously generated request.pem.

    2. Create a private key for the syslog server.

      certtool --generate-privkey --outfile rslserver-key.pem --bits 2048

    3. Generate a certificate request for the rsyslog server.

      certtool --generate-request --load-privkey rslserver-key.pem --outfile request.pem

    4. Generate a machine certificate and sign it with the CA private key.

      certtool --generate-certificate --load-request request.pem --outfile rslserver-cert.pem --load-ca-certificate ca.pem --load-ca-privkey ca-key.pem

    5. Copy certificates from the CA to the rsyslog server and to the rsyslog client.

    6. Configure the syslog server for TLS.

      Sample nam.conf:

      # Increase the number of open files rsyslog is allowed, which includes open TCP sockets.
      # This is important if there are many clients.
      # http://www.rsyslog.com/doc/rsconf1_maxopenfiles.html
      $MaxOpenFiles 2048

      # make gtls driver the default
      $DefaultNetstreamDriver gtls

      # certificate files generated on RHEL6 and stored in /root
      $DefaultNetstreamDriverCAFile /etc/pki/rsyslog/ca.pem
      $DefaultNetstreamDriverCertFile /etc/pki/rsyslog/rslserver-cert.pem
      $DefaultNetstreamDriverKeyFile /etc/pki/rsyslog/rslserver-key.pem

    7. Configure the syslog agent for TLS.

      Sample /etc/rsyslog.d/nam.conf:

      # make gtls driver the default
      $DefaultNetstreamDriver gtls

      # certificate files
      $DefaultNetstreamDriverCAFile /etc/pki/rsyslog/ca.pem
      $DefaultNetstreamDriverCertFile /etc/pki/rsyslog/rslclient-cert.pem
      $DefaultNetstreamDriverKeyFile /etc/pki/rsyslog/rslclient-key.pem

      #### GLOBAL DIRECTIVES ####
      $ActionSendStreamDriverAuthMode x509/name
      $ActionSendStreamDriverMode 1 # run driver in TLS-only mode

NOTE: Making any change in the Auditing UI overwrites the manual changes made to the nam.conf file. The changes must be made manually in each component.
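The certificate steps above, as an added shell script that is not part of the Access Manager documentation: it runs the same certtool commands non-interactively with GnuTLS template files (so the CA flag, key usage and the server name are set explicitly rather than answered at prompts) and then verifies each issued certificate against the CA. It assumes GnuTLS certtool is installed; the host names and output directory are constructed placeholders, and request files are named per peer so the "remove request.pem" step is unnecessary.

```shell
#!/bin/sh
# Added example (not from the Access Manager documentation). Assumes GnuTLS
# certtool is on PATH. FQDNs and output directory are constructed placeholders.
set -eu

# CA template: the "ca" flag is required for the gtls driver to accept ca.pem as an issuer.
CA_TMPL='cn = "NAM rsyslog CA"
ca
cert_signing_key
expiration_days = 3650'

# Leaf template. cn/dns_name is the name a client running x509/name authentication
# compares against its $ActionSendStreamDriverPermittedPeer value.
leaf_tmpl() {   # $1 = FQDN, $2 = tls_www_server | tls_www_client
  printf 'cn = "%s"\ndns_name = "%s"\n%s\nsigning_key\nencryption_key\nexpiration_days = 730\n' "$1" "$1" "$2"
}

make_pki() {    # $1 = output dir, $2 = server FQDN, $3 = client FQDN
  d=$1; mkdir -p "$d"
  printf '%s\n' "$CA_TMPL" > "$d/ca.tmpl"
  certtool --generate-privkey --bits 2048 --outfile "$d/ca-key.pem"
  certtool --generate-self-signed --load-privkey "$d/ca-key.pem" \
           --template "$d/ca.tmpl" --outfile "$d/ca.pem"
  for peer in server client; do
    if [ "$peer" = server ]; then fqdn=$2; usage=tls_www_server; else fqdn=$3; usage=tls_www_client; fi
    leaf_tmpl "$fqdn" "$usage" > "$d/rsl$peer.tmpl"
    certtool --generate-privkey --bits 2048 --outfile "$d/rsl$peer-key.pem"
    certtool --generate-request --load-privkey "$d/rsl$peer-key.pem" \
             --template "$d/rsl$peer.tmpl" --outfile "$d/rsl$peer-req.pem"
    certtool --generate-certificate --load-request "$d/rsl$peer-req.pem" \
             --load-ca-certificate "$d/ca.pem" --load-ca-privkey "$d/ca-key.pem" \
             --template "$d/rsl$peer.tmpl" --outfile "$d/rsl$peer-cert.pem"
    chmod 600 "$d/rsl$peer-key.pem"   # private keys must not be world-readable
  done
  chmod 600 "$d/ca-key.pem"
}

# Returns 0 only if both leaf certificates chain to ca.pem; run this before copying
# the files to /etc/pki/rsyslog on the server and the agent.
verify_pki() {  # $1 = output dir
  for peer in server client; do
    certtool --verify --load-ca-certificate "$1/ca.pem" --infile "$1/rsl$peer-cert.pem" >/dev/null || return 1
  done
}

if [ $# -ge 1 ]; then
  make_pki "$1" "${2:-analytics.example.com}" "${3:-nam-idp.example.com}"   # placeholder names
  verify_pki "$1" && echo "PKI in $1 verified"
fi
```

Usage: `sh make-rsyslog-pki.sh ./rsyslog-pki <server-fqdn> <client-fqdn>`; the server FQDN you pass is the value to put in the agent's `$ActionSendStreamDriverPermittedPeer` directive.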