05-09-2024 07:17 AM
The PKCS12 certificate and password generated from Palo Alto are used at the syslog server to establish the connection between both systems and to decrypt the logs. However, after establishing the connection the SSL handshake is broken and we see the error below.
Syslog SSL error while writing stream; tls_error='rsa routines:RSA_padding_check_PKCS1_type_1:invalid padding'. location='/opt/pancfg/mgmt/syslogng/pan_sysng,cfg:59:3'
Kindly help me understand this error: is it anything related to the certificate generated, or do we have any other checklist to fix this issue?
05-09-2024 07:25 AM - edited 05-09-2024 07:25 AM
Hello,
It's possible it's showing the incorrect error in relation to this bug ID:

PAN-241772 | Fixed an issue where, when TLSv1.3 was used, an incorrect error message ("invalid padding") was displayed instead of the expected error message ("Invalid server certificate").
The certificate used for secure syslog on the firewall needs to have the CN set as the IP address of the interface that it is using to send the secure syslog information. Is this the case in your setup? And are you using a self-signed certificate, if so does wherever you're logging syslog data to trust this certificate?
How To Setup Syslog Monitoring Over TLS - Knowledge Base - Palo Alto Networks
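The two conditions named above (CN set to the sending interface IP, and the syslog host trusting the certificate) can be verified offline before touching the firewall. The script below is an added example, not part of this thread or of any Palo Alto tool; it uses the openssl CLI, and the interface IP 192.0.2.10 and the two certificates it generates are constructed for the demonstration.

```shell
#!/bin/sh
# Checks a secure-syslog certificate for the two problems raised in the thread:
#   1. subject CN (or a SAN IP entry) must equal the firewall interface IP
#   2. the syslog host's CA bundle must validate the certificate
# Requires the openssl CLI. All files and the IP below are constructed here.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
FW_IP="192.0.2.10"    # constructed: interface the firewall sends syslog from

# Print the subject CN of a PEM certificate (empty if there is none).
cert_cn() {
  openssl x509 -in "$1" -noout -subject -nameopt RFC2253 \
    | sed -n 's/^subject=.*CN=\([^,]*\).*/\1/p'
}

# Print SAN IP entries of a PEM certificate, one per line (empty if no SAN).
cert_san_ips() {
  openssl x509 -in "$1" -noout -text \
    | grep -A1 'Subject Alternative Name' | tr ',' '\n' \
    | sed -n 's/^ *IP Address://p'
}

# Return 0 when the CN or a SAN IP equals the interface IP, 1 otherwise.
cert_matches_ip() {
  [ "$(cert_cn "$1")" = "$2" ] && return 0
  cert_san_ips "$1" | grep -qx "$2"
}

# Return 0 when the given CA bundle (the syslog host's trust store) validates
# the certificate, 1 otherwise. Self-signed certs must be in the bundle itself.
cert_trusted_by() {
  openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Constructed test material: one cert issued to the interface IP, one to a
# hostname (the mismatch case).
openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$FW_IP" \
  -addext "subjectAltName=IP:$FW_IP" \
  -keyout "$WORK/good.key" -out "$WORK/good.pem" 2>/dev/null
openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=fw01.example.net" \
  -keyout "$WORK/bad.key" -out "$WORK/bad.pem" 2>/dev/null

cert_matches_ip "$WORK/good.pem" "$FW_IP" && echo "good.pem: CN/SAN matches $FW_IP"
cert_matches_ip "$WORK/bad.pem" "$FW_IP"  || echo "bad.pem: CN/SAN does not match $FW_IP"
cert_trusted_by "$WORK/good.pem" "$WORK/good.pem" && echo "good.pem: trusted when in the bundle"
cert_trusted_by "$WORK/good.pem" "$WORK/bad.pem"  || echo "good.pem: rejected by an unrelated bundle"
```

Run it against the exported firewall certificate and the syslog host's CA file in place of the constructed ones; a mismatch or a failed verify points at the certificate rather than at the TLS error text.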
05-09-2024 10:27 PM - edited 05-09-2024 10:28 PM
Hi,
We are using TLSv1.2; does this also have the incorrect error message issue?
And the CN IP address used is the firewall interface IP; also the self-signed certificate is imported to the syslog server, but we are still not able to fix this error.
Syslog SSL error while writing stream; tls_error='rsa routines:RSA_padding_check_PKCS1_type_1:invalid padding'. location='/opt/pancfg/mgmt/syslogng/pan_sysng,cfg:59:3'
05-10-2024 07:25 AM
What version of PAN-OS are you using? We've got secure syslog set up and I personally haven't received that error before. What happens if you generate a different cert and try that? To confirm, do you have "Certificate for Secure Syslog" checked on the cert?
05-10-2024 07:47 AM
PAN-OS 10.2.8-h3 is the version. Yes, we followed the guide How To Setup Syslog Monitoring Over TLS - Knowledge Base - Palo Alto Networks and "Certificate for Secure Syslog" is checked on the cert. We also tried with a different cert a couple of times.
We have onboarded 3 more firewalls following the guide with no issues. Only this firewall is having the error.
Attached the error for reference.