You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
I want to send logs from one server to another one with fluent-bit. I use for output/input the "forward" module.
Without tls it works as expected. When I enable tls I get these errors at the server side:
Dec 17 13:44:53 xxx fluent-bit[103363]: [2024/12/17 13:44:53] [debug] [downstream] connection #84 failed
Dec 17 13:44:53 xxx fluent-bit[103363]: [2024/12/17 13:44:53] [error] [input:forward:forward.1] could not accept new connection
Dec 17 13:44:54 xxx fluent-bit[103363]: [2024/12/17 13:44:54] [error] [tls] certificate verification failed, reason: unsuitable certificate purpose (X509 code: 26)
Dec 17 13:44:54 xxx fluent-bit[103363]: [2024/12/17 13:44:54] [debug] [downstream] connection #84 failed
To Reproduce
configuration server side:
[INPUT]
Name systemd
[INPUT]
Name forward
Listen 0.0.0.0
Port 24224
tls on
tls.debug 4
tls.verify on
tls.ca_file /etc/acme-lego/certificates/chain.crt
tls.crt_file /etc/acme-lego/certificates/xxx.xx.xx.crt
tls.key_file /etc/acme-lego/certificates/xxx.xx.xx.key
[OUTPUT]
Name stdout
Match *
configuration client side:
[INPUT]
Name systemd
[OUTPUT]
Name forward
Match *
Host xxx.xx.xx
Port 24224
tls on
tls.ca_file /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
tls.crt_file /etc/acme-lego/certificates/xxx.axxcp.xx.crt
tls.key_file /etc/acme-lego/certificates/xxx.xx.xx.key
Your Environment
I checked the purpose of the certificate and it is any:
[root@xx certificates]# openssl x509 -noout -in xx.xx.xx.crt -purpose
Certificate purposes:
SSL client : No
SSL client CA : No
SSL server : Yes
SSL server CA : No
Netscape SSL server : Yes
Netscape SSL server CA : No
S/MIME signing : No
S/MIME signing CA : No
S/MIME encryption : No
S/MIME encryption CA : No
CRL signing : No
CRL signing CA : No
Any Purpose : Yes
Any Purpose CA : Yes
OCSP helper : Yes
OCSP helper CA : No
Time Stamp signing : No
Time Stamp signing CA : No
Code signing : No
Code signing CA : No
[root@xx certificates]#
Additional context
The text was updated successfully, but these errors were encountered:
Bug Report
Describe the bug
I want to send logs from one server to another one with fluent-bit. I use for output/input the "forward" module.
Without tls it works as expected. When I enable tls I get these errors at the server side:
To Reproduce
configuration server side:
configuration client side:
Your Environment
I checked the purpose of the certificate and it is any:
Additional context
The text was updated successfully, but these errors were encountered: