Config Syslog Opnsense with SO certificate (TLS)

[Mav1814]

Version

2.4.20

Installation Method

Security Onion ISO image

Description

configuration

Installation Type

Distributed

Location

on-prem with Internet access

Hardware Specs

Exceeds minimum requirements

CPU

4

RAM

32

Storage for /

212

Storage for /nsm

200

Network Traffic Collection

tap

Network Traffic Speeds

1Gbps to 10Gbps

Status

Yes, all services on all nodes are running OK

Salt Status

Yes, there are salt failures (please provide detail below)

Logs

Yes, there are additional clues in /opt/so/log/ (please provide detail below)

Detail

Hello Again!
I'm so sorry. But i have more doubts.

I've been trying to figure out how to configure syslog via tls.
The aim is to configure opnsense to send the logs through syslog via TLS. UDP/TCP works without any problems.

Supposedly, for it to work in opnsense with a certificate, I'd have to import the certificates, both the CA and the Key. Which I did by importing the CA and Key from my manager, "/etc/pki/", ca.crt and ca.key.

I still can't figure out what I'm doing wrong. Do I need to do any more configuration? I haven't found anything about logs yet.

If anyone could enlighten me, I'd really appreciate it.

Again, amazing job, i think security onion its an incredible tool! There are so many features that it's hard to understand them all.
Cheers,

Guidelines

• I have read the above statement and can confirm my post is relevant to Security Onion 2.4.

[Mav1814]

Any Idea?

[kvkamin]

I think you are importing a CA literally, since you are providing the private key. Clients never need the CA's private key. I suppose you need to import the CA public cert so the client (opnsense) trusts the crt signed by the SO CA.

[Mav1814]

So, i need to find the CA public cert on the SO directories, in order to import it on the client(opnsense).

[kvkamin]

Yes, that is how your client works when you browse. Your browser has a local cache of pubic CA root certificates, that is why it trusts the cert offered by the server. This is always the challenge with private CA's, you have to distribute the CA's public cert the the clients.

[Mav1814]

I will try to find the pub CA on the SO. I don't know where it is. xD
I appreciate the help, i hope i can find it and make it work on my opnsense.

[Mav1814]

I'm having trouble finding the right pub cert for opnsense, since importing the cert asks me for the "Certificate data" and the "Private key data". I tested with managerssl.crt and managerssl.key, but it didn't work, on the OS side I don't get the logs... I attach an image of the directory with the supposed certs and I also list the tls directory.
I don't really understand this issue of certificates. I apologize.

[kvkamin]

Spare yourself the trouble and splurge on a cheap SSL cert. They are very cheap. All will be well.

K