Server certificates
Server certificates are the most basic feature of SSL and TLS and are commonly used for signing in to e-commerce or financial websites.
The most basic feature of a server certificate is a public key. The client generates a random number, encrypts it with the public key, and sends the encrypted number to the server. The server decrypts the random number with the private key that corresponds to the public key, and the remainder of the session traffic is encrypted with secret key encryption, using the random number as the key. Public key encryption is too slow to use for general session traffic.
The certificate also contains the Common Name (CN) of one or more servers (Server.YourCo.com or 192.168.80.1) for which it was issued. A server certificate that is not authenticated by a certificate authority is called a self-signed certificate. SyslogDefender ships with a self-signed server certificate.
For output_tls or SyslogSender to verify a server certificate, the certificate must have an X.509v3 Extended Key Usage that includes TLS Web Server Authentication.
The certificate can specify the fully-qualified domain name (FQDN) of the server in the Common Name field or in one of the X.509v3 Subject Alternative Name fields. For more information, see Certificate-name-wildcards.
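The two requirements above can be checked before a certificate is deployed. The following Go program is an added example, not SyslogDefender code and not how output_tls or SyslogSender implement verification; checkServerCert and selfSigned are hypothetical names, the certificates are constructed sample input, and names are compared by exact match only (wildcard rules are not covered).

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// checkServerCert lists why cert fails the two requirements (empty = passes).
func checkServerCert(cert *x509.Certificate, host string) (problems []string) {
	ekuOK, nameOK := false, strings.EqualFold(cert.Subject.CommonName, host)
	for _, eku := range cert.ExtKeyUsage {
		ekuOK = ekuOK || eku == x509.ExtKeyUsageServerAuth
	}
	for _, n := range cert.DNSNames { // exact match only; wildcard rules not modelled
		nameOK = nameOK || strings.EqualFold(n, host)
	}
	for _, ip := range cert.IPAddresses {
		nameOK = nameOK || ip.String() == host
	}
	if !ekuOK {
		problems = append(problems, "Extended Key Usage lacks TLS Web Server Authentication")
	}
	if !nameOK {
		problems = append(problems, host+" is in neither the CN nor a Subject Alternative Name")
	}
	return problems
}

// selfSigned builds a throwaway certificate as constructed sample input.
func selfSigned(cn string, sans []string, ekus ...x509.ExtKeyUsage) *x509.Certificate {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour), DNSNames: sans, ExtKeyUsage: ekus}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	cert, err := x509.ParseCertificate(der) // also fails if creation failed (der is nil)
	if err != nil {
		panic(err)
	}
	return cert
}

func main() {
	fmt.Println(checkServerCert(selfSigned("other.example", nil, x509.ExtKeyUsageClientAuth), "Server.YourCo.com"))
}
```

To check a real certificate, decode its PEM file and pass the result of x509.ParseCertificate to checkServerCert in place of the sample.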
To encrypt syslog traffic, you only need the provided server certificate. While this certificate provides strong encryption, its private key has been distributed to every SyslogDefender prospect and customer. You must create your own private key and (possibly self-signed) certificate; how to do so is beyond the scope of this documentation.
Enabling server certificates
SSL/TLS requires a server certificate to be enabled.
To enable a server certificate, specify certificate= and keyfile= under [listen_tls_n] in the SyslogDefender configuration file.