Reputation: 4340
I'm trying to use NXLog to post to a service over HTTPS. Unfortunately, I keep receiving this error for every post attempt:
2018-12-19 09:11:14 ERROR SSL certificate verification failed: unable to get local issuer certificate (err: 20)
The service we are trying to reach is an HTTPS endpoint with a "Let's encrypt" certificate. I have no problem posting to the endpoint with tools like Postman. But NXLog keeps complaining.
I tried to play with the multiple options of the https module but since I don't really understand what they are and the documentation is not very helpful, I need help.
I tried to set HTTPSAllowUntrusted to TRUE but it doesn't change anything. I also tried to provide .pem files from Mozilla and various sources in HTTPSCADir and HTTPSCAFile, but that doesn't change anything either.
Here is my latest .conf file attempt. Any help to be able to configure SSL would be welcome.
Panic Soft
#NoFreeOnExit TRUE

define ROOT C:\Program Files (x86)\nxlog
define CERTDIR %ROOT%\cert
define CONFDIR %ROOT%\conf
define LOGDIR %ROOT%\data
define LOGFILE %LOGDIR%\nxlog.log
LogFile %LOGFILE%

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data

<Extension _syslog>
    Module xm_syslog
</Extension>

<Extension _charconv>
    Module xm_charconv
    AutodetectCharsets iso8859-2, utf-8, utf-16, utf-32
</Extension>

<Extension csv>
    Module xm_csv
    Fields $contentName, $deviceName, $startTime, $endTime, $contentId, $deviceId
    FieldTypes string, string, string, string, string, string
    Delimiter ,
</Extension>

<Extension exec>
    Module xm_exec
</Extension>

<Extension json>
    Module xm_json
</Extension>

<Input in>
    Module im_file
    File "C:\\MagicInfo Premium\\runtime\\upload\\pop\\report\\*W*.csv"
    Exec csv->parse_csv(); to_json();
</Input>

<Output http>
    Module om_http
    URL https://my-service.com/api/v1/proof-of-play-log/
    HTTPSCAFile %CERTDIR%/cacert.pem
    ContentType application/json
</Output>

<Route 1>
    Path in => http
</Route>
To summarize: what .pem file do I need, and what parameter needs to be set, to do a simple post to an HTTPS endpoint that has a "Let's encrypt" certificate?
EDIT
Finally, I realised NXLog is completely buggy and badly coded so we changed to another solution...
Upvotes: 0
Views: 1131
Reputation: 77024
This is rare and may not be the solution to your problem, but it is a solution to some problems with exactly the same symptoms.
The untrusted very option may be failing because it may allow untrusted cert chains, but not orphaned / incomplete chains (which is slightly different). Though, on second thought, that’s probably not possible to distinguish...
But if it is the case, the extra certs you’d want to include are the intermediates listed in the “active” and “backup” sections at https://letsencrypt.org/certificates/
Upvotes: 1
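The incomplete-chain case described in this answer can be reproduced offline with the openssl command line. This is an added example, not part of the original posts: it builds a constructed three-level demo PKI (all names are made up) and verifies the leaf against a CA file, the role HTTPSCAFile plays in the config above, first with only the root and then with the intermediate appended.

```sh
#!/bin/sh
# Constructed demo PKI (made-up names): Demo Root -> Demo Intermediate -> leaf.
# Mirrors a chain where the server certificate is signed by an intermediate CA.

new_csr() {  # $1 = file basename, $2 = subject CN
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" \
        -subj "/CN=$2" 2>/dev/null
}

make_demo_pki() {  # $1 = empty working directory
    ( cd "$1" || exit 1
      printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > ca.ext
      new_csr root "Demo Root" &&
      openssl x509 -req -in root.csr -signkey root.key -extfile ca.ext \
          -days 2 -out root.pem 2>/dev/null &&
      new_csr int "Demo Intermediate" &&
      openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -CAcreateserial \
          -extfile ca.ext -days 2 -out int.pem 2>/dev/null &&
      new_csr leaf "my-service.example" &&
      openssl x509 -req -in leaf.csr -CA int.pem -CAkey int.key -CAcreateserial \
          -days 2 -out leaf.pem 2>/dev/null &&
      cat root.pem int.pem > bundle.pem )   # CA file that also holds the intermediate
}

# Prints "OK" or the OpenSSL error number (20 = unable to get local issuer certificate).
verify_with() {  # $1 = CA file, $2 = certificate to check
    out=$(openssl verify -CAfile "$1" "$2" 2>&1)
    case $out in
        *"error "[0-9]*) printf '%s\n' "$out" | sed -n 's/^error \([0-9][0-9]*\) at.*/\1/p' | head -n 1 ;;
        *": OK"*) echo OK ;;
        *) echo UNKNOWN ;;
    esac
}

demo() {
    d=$(mktemp -d) && make_demo_pki "$d" || return 1
    echo "root only:           $(verify_with "$d/root.pem" "$d/leaf.pem")"
    echo "root + intermediate: $(verify_with "$d/bundle.pem" "$d/leaf.pem")"
    rm -rf "$d"
}
demo
```

The first line of output shows the same error number as the NXLog log line in the question; the second shows that a CA file containing both the root and the intermediate lets the same leaf verify.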