0

We have configured a Syslog-ng relay server to which accepts client logs. Client and the relay server communicates and forward the logs using TLS. We are noticing the below error in our client.

I followed Configuring syslog-ng PE clients to setup TLS communication.

Dec 13 05:29:13 syslog-ng[10769]: Syslog connection established; fd='16', server='AF_INET(1**.1**.1.105:6514)', local='AF_INET(0.0.0.0:0)'
Dec 13 05:29:13 syslog-ng[10769]: Error setting up TLS session context; tls_error='PEM routines:PEM_read_bio:no start line'

What is the problem and how do I fix it?

jww
  • 97,681
  • 90
  • 411
  • 885
user1115980
  • 13
  • 1
  • 7
  • Stack Overflow is a site for programming and development questions. This question appears to be off-topic because it is not about programming or development. See [What topics can I ask about here](http://stackoverflow.com/help/on-topic) in the Help Center. Perhaps [Super User](http://superuser.com/) or [Unix & Linux Stack Exchange](http://unix.stackexchange.com/) would be a better place to ask. – jww Dec 15 '17 at 13:05

1 Answers1

0

The client's certificate in the PEM file should be preceded by a line that looks like this:

-----BEGIN CERTIFICATE-----

The 'no start line' error message you're seeing is what you get if that line is absent from the file.

Check that the client PEM file contains that line. (It's just a text file, you can look at it with any editor.) If it doesn't contain that line then either the file got damaged when you copied it to the client, or perhaps the original file is incorrect.

If you generated the PEM file on a Unix or Linux machine and then copied it to a Windows machine, it's possible that you'll need to change the line endings in the file from just LF to CR LF in order for it to be read correctly.

ottomeister
  • 5,415
  • 2
  • 23
  • 27