https://live.paloaltonetworks.com/t5/general-topics/tls-syslog-cert-import/m-p/30089#M21987 <HTML><HEAD></HEAD><BODY><P>Hi all,</P><P></P><P>Certificates, can anybody help?</P><P></P><P>I have a cert <SPAN style="color: #222222; font-family: arial, sans-serif;">syslog-ng.cert that ArcSight logger auto-generated and I want to import this on to the firewall as a "Certificate for Secure SYSLOG"</SPAN></P><P><SPAN style="color: #222222; font-family: arial, sans-serif;"><BR /></SPAN></P><P><SPAN style="color: #222222; font-family: arial, sans-serif;">It imports OK as </SPAN><SPAN style="color: #222222; font-family: arial, sans-serif; font-size: 10pt; line-height: 1.5em;">Base64 encoded PEM </SPAN><SPAN style="color: #222222; font-family: arial, sans-serif;">f</SPAN><SPAN style="font-size: 10pt; line-height: 1.5em; color: #222222; font-family: arial, sans-serif;">ormat, with the </SPAN><SPAN style="color: #222222; font-family: arial, sans-serif; font-size: 10pt; line-height: 1.5em;">option to import a private key disabled (if I </SPAN><SPAN style="color: #222222; font-family: arial, sans-serif; font-size: 10pt; line-height: 1.5em;">choose this I need to give a Key File or a Passphrase...which I don't have).</SPAN></P><P><SPAN style="color: #222222; font-family: arial, sans-serif; font-size: 10pt; line-height: 1.5em;"><BR /></SPAN></P><P><SPAN style="color: #222222; font-family: arial, sans-serif; font-size: 10pt; line-height: 1.5em;">But once the valid cert is loaded I do not have the option to make it a <SPAN style="color: #222222; font-family: arial, sans-serif;">"Certificate for Secure SYSLOG".</SPAN></SPAN></P><P><SPAN style="color: #222222; font-family: arial, sans-serif; font-size: 10pt; line-height: 1.5em;"><BR /></SPAN></P><P><SPAN style="color: #222222; font-family: arial, sans-serif; font-size: 10pt; line-height: 1.5em;">Something must be missing from <SPAN style="color: #222222; font-family: arial, sans-serif;">syslog-ng.cert, Logger has openssl installed so if I could figure out the syntax to produce a key that the firewall will be happy to use for SYSLOG.</SPAN></SPAN></P><P><SPAN style="color: #222222; font-family: arial, sans-serif; font-size: 10pt; line-height: 1.5em;"><BR /></SPAN></P><P><SPAN style="color: #222222; font-family: arial, sans-serif; font-size: 10pt; line-height: 1.5em;">Thanks for looking.</SPAN></P><P><SPAN style="color: #222222; font-family: arial, sans-serif; font-size: 10pt; line-height: 1.5em;"><BR /><BR /></SPAN>Best regards</P><P>Richard</P></BODY></HTML> Tue, 15 Jul 2014 07:11:48 GMT RichardThornton 2014-07-15T07:11:48Z https://live.paloaltonetworks.com/t5/general-topics/tls-syslog-cert-import/m-p/30089#M21987 <HTML><HEAD></HEAD><BODY><P>Hi all,</P><P></P><P>Certificates, can anybody help?</P><P></P><P>I have a cert <SPAN style="color: #222222; font-family: arial, sans-serif;">syslog-ng.cert that ArcSight logger auto-generated and I want to import this on to the firewall as a "Certificate for Secure SYSLOG"</SPAN></P><P><SPAN style="color: #222222; font-family: arial, sans-serif;"><BR /></SPAN></P><P><SPAN style="color: #222222; font-family: arial, sans-serif;">It imports OK as </SPAN><SPAN style="color: #222222; font-family: arial, sans-serif; font-size: 10pt; line-height: 1.5em;">Base64 encoded PEM </SPAN><SPAN style="color: #222222; font-family: arial, sans-serif;">f</SPAN><SPAN style="font-size: 10pt; line-height: 1.5em; color: #222222; font-family: arial, sans-serif;">ormat, with the </SPAN><SPAN style="color: #222222; font-family: arial, sans-serif; font-size: 10pt; line-height: 1.5em;">option to import a private key disabled (if I </SPAN><SPAN style="color: #222222; font-family: arial, sans-serif; font-size: 10pt; line-height: 1.5em;">choose this I need to give a Key File or a Passphrase...which I don't have).</SPAN></P><P><SPAN style="color: #222222; font-family: arial, sans-serif; font-size: 10pt; line-height: 1.5em;"><BR /></SPAN></P><P><SPAN style="color: #222222; font-family: arial, sans-serif; font-size: 10pt; line-height: 1.5em;">But once the valid cert is loaded I do not have the option to make it a <SPAN style="color: #222222; font-family: arial, sans-serif;">"Certificate for Secure SYSLOG".</SPAN></SPAN></P><P><SPAN style="color: #222222; font-family: arial, sans-serif; font-size: 10pt; line-height: 1.5em;"><BR /></SPAN></P><P><SPAN style="color: #222222; font-family: arial, sans-serif; font-size: 10pt; line-height: 1.5em;">Something must be missing from <SPAN style="color: #222222; font-family: arial, sans-serif;">syslog-ng.cert, Logger has openssl installed so if I could figure out the syntax to produce a key that the firewall will be happy to use for SYSLOG.</SPAN></SPAN></P><P><SPAN style="color: #222222; font-family: arial, sans-serif; font-size: 10pt; line-height: 1.5em;"><BR /></SPAN></P><P><SPAN style="color: #222222; font-family: arial, sans-serif; font-size: 10pt; line-height: 1.5em;">Thanks for looking.</SPAN></P><P><SPAN style="color: #222222; font-family: arial, sans-serif; font-size: 10pt; line-height: 1.5em;"><BR /><BR /></SPAN>Best regards</P><P>Richard</P></BODY></HTML> Tue, 15 Jul 2014 07:11:48 GMT https://live.paloaltonetworks.com/t5/general-topics/tls-syslog-cert-import/m-p/30089#M21987 RichardThornton 2014-07-15T07:11:48Z https://live.paloaltonetworks.com/t5/general-topics/tls-syslog-cert-import/m-p/30090#M21988 <HTML><HEAD></HEAD><BODY><P><SPAN style="font-size: 10pt; line-height: 1.5em;">Hello,</SPAN></P><P><SPAN style="font-size: 10pt; line-height: 1.5em;"><BR /></SPAN></P><P><SPAN class="Bold" style="font-weight: bold; color: #000000; font-family: 'Microsoft Sans Serif';">Certificate for Secure <SPAN class="GINGER_SOFTWARE_mark">Syslog</SPAN></SPAN><SPAN style="color: #000000; font-family: 'Microsoft Sans Serif';">—This certificate enables secure forwarding of <SPAN class="GINGER_SOFTWARE_mark">syslogs</SPAN> to an external <SPAN class="GINGER_SOFTWARE_mark">syslog</SPAN> server. <SPAN class="GINGER_SOFTWARE_mark">( </SPAN><SPAN class="GINGER_SOFTWARE_mark">it</SPAN> should not be a CA)</SPAN></P><P><SPAN style="color: #000000; font-family: 'Microsoft Sans Serif';"><BR /></SPAN></P><P><SPAN style="color: #000000; font-family: 'Microsoft Sans Serif';"> <IMG alt="certificate.JPG" class="image-0 jive-image" src="https://live.paloaltonetworks.com/legacyfs/online/14446_certificate.JPG" style="height: 251px; width: 620px;" /></SPAN></P><P><SPAN style="font-family: inherit; font-size: 10pt; font-style: inherit; font-weight: inherit; line-height: 1.5em;"><BR /></SPAN></P><P><SPAN style="font-family: inherit; font-size: 10pt; font-style: inherit; font-weight: inherit; line-height: 1.5em;"><SPAN class="GINGER_SOFTWARE_mark">Syslogng</SPAN></SPAN><SPAN style="font-family: inherit; font-size: 10pt; font-style: inherit; font-weight: inherit; line-height: 1.5em;"> must access end entity and CA certificates in order to negotiate SSL connections. All default, user imported or generated CA </SPAN><SPAN class="GINGER_SOFTWARE_mark" style="font-family: inherit; font-size: 10pt; font-style: inherit; font-weight: inherit; line-height: 1.5em;">certs</SPAN><SPAN style="font-family: inherit; font-size: 10pt; font-style: inherit; font-weight: inherit; line-height: 1.5em;"> must be loaded into Syslogng’s CA directory.</SPAN></P><P><SPAN style="font-family: inherit; font-size: 10pt; font-style: inherit; font-weight: inherit; line-height: 1.5em;"><BR /></SPAN></P><P><SPAN style="font-family: inherit; font-size: 10pt; font-style: inherit; font-weight: inherit; line-height: 1.5em;">Thanks<BR /></SPAN></P></BODY></HTML> Tue, 15 Jul 2014 07:33:02 GMT https://live.paloaltonetworks.com/t5/general-topics/tls-syslog-cert-import/m-p/30090#M21988 HULK 2014-07-15T07:33:02Z