Monday, October 09, 2023

Re: syslogd in 7.4 no longer likes self signed certificates for TLS remote logging

You are aware that OpenBSD 7.4 has not been released yet, right?

On Mon, Oct 09, 2023 at 06:42:02PM +0200, Noth wrote:
>
>   This wasn't covered in http://www.openbsd.org/plus74.html . I have a setup
> where various OpenBSD instances log via TLS to a central logger, using self
> signed certificates I generated locally (10 year validity). Both the server
> and the clients verify each other using the -c & -s options for syslogd on
> the clients and -K for the server.
>
>   I upgraded to 7.4 via CVS on my VMs but not my routers (yet). The 7.3
> routers are still able to connect via TLS but the 7.4 VMs can't as they
> don't like the self signed certs. It'd be nice if this was in the
> upgrade74.html with some explanation of why this changed.

Actually, if you built from source from a recent -current (HEAD) checkout,
what you got was just that: something that is close to what will be 7.4-release
(a matter of weeks if not days), but not actually 7.4-release or -stable.

>   Is my path to getting all this working again the way it was to use Let's
> Encrypt certificates?

It's hard to tell the exact cause of your problem since you do not provide crucial
data such as any error messages that would appear in a log somewhere.

We also do not know much about your configuration or what requirements the setup
is supposed to fill. But sure, in quite a number of situations auto-renewing
Let's Encrypt certificates would be a serviceable solution.

- Peter

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
