我想使用未经证书验证的tls,即避免配置
$DefaultNetstreamDriverCAFile /etc/ssl/certs/ca-certificates.crt
在客户端。
尝试时
$ActionSendStreamDriverAuthMode x509/certvalid
或
$ActionSendStreamDriverAuthMode anon
我明白了:
Jul 28 22:02:11 ubuntu rsyslogd[15006]: not permitted to talk to peer, certificate invalid: signer not found [v8.2001.0] Jul 28 22:02:11 ubuntu rsyslogd[15006]: invalid cert info: peer provided 1 certificate(s). Certificate 1 info: certificate valid from Mon Jul 27 09:56:36 2020 to Tue Jul 27 09:56:36 2021; Certificate public key: RSA; DN: CN=snc-mid-my-mid-718501300f1210103c8ecae144fc3a00,DC=service-now,DC=com; Issuer DN: CN=snc-mid-my-mid-718501300f1210103c8ecae144fc3a00,DC=service-now,DC=com; [v8.2001.0]
当我配置时
$DefaultNetstreamDriverCAFile /etc/ssl/certs/ca-certificates.crt
一切正常
有什么想法吗?