Importing a TLS –certificate for RSYSLOG

What kind of TLS certificate is needed?

Note:

The short tutorial "Creating a *.pem file" shows you how to create a valid certificate. All you need to do is rename the certificate into rsyslog.pem. The Tutorial can be found in the Help Center under Creating a *.pem file or in the CS141 manual.

A pem file is required for operation with TLS encryption. Make sure that both the rsyslog server and the CS141 use the same certificate, otherwise the encrypted communication cannot take place.

At the CS141, upload and install the certificate by placing the file at the upload box:

Place the file via drag’n’drop and click on upload.

If the certificate has been successfully uploaded, the CS141 will show a corresponding message.

After installing the certificate, these additional functions are available:

- Accept only TLS connection

- Reject expired TLS certificates

Activate the check boxes and save the configuration.

The CS141 takes over your settings and automatically restart the necessary syslog service.

Check list: If the communication with the rsyslog server does not start

1. Check the IP address and server port.
   Larger and well-secured networks may restrict port access on network devices such as manageable switches. As a result, communication may be blocked. Please also check the internal firewall of the server as well as any third-party security solutions to ensure that the CS141 is allowed to communicate. Verify that the IP address and port settings are correct.

2. Check the network infrastructure.
   So-called VLANs are often used in larger networks. Physical ports on the same switch may be assigned to restricted instances and separated from other ports. As a result, your server may be in a completely different network segment, even though it is connected to the same switch as the CS141. If your server is in a different segment, communication will not be possible. Ensure that all routers and switches are properly connected and configured.

3. Check the certificate(s).
   Damaged or incorrectly created certificates (PEM files) can prevent communication. Also make sure that both the sender and the recipient use matching *.pem files; otherwise, TLS will not function.