Encrypting traffic to a remote syslog-ng server including SSL peer authentication
1. Install stunnel and syslog-ng on all machines.
2. Create certificates for all machines. On RedHat 9 and similar machines, you can do the following as root:
# cd /etc/pki/tls/certs
# make syslog-ng-server.pem
# make syslog-ng-client.pem
3. Place copies of syslog-ng-server.pem on all machines in /etc/stunnel, with one important alteration: the clients only need the certificate section of syslog-ng-server.pem. In other words, remove the private key section from syslog-ng-server.pem on all clients. Place every client's syslog-ng-client.pem in /etc/stunnel. For the server, create a special syslog-ng-client.pem containing the certificate sections for all clients and place it in /etc/stunnel. In other words, remove the private key sections from all syslog-ng-client.pem files and concatenate what is left to create the server's special syslog-ng-client.pem.
OK, my question is: from the above, it says to create one syslog-ng-client.pem file per client. 1) Do the names for each of these need to remain syslog-ng-client.pem, or can they have names that reflect the host that they are on? 2) If they all need to keep that name, do I just move the client file to one client/host and then delete it from the server, then move on to create the next?
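Step 3 of the quoted how-to ("remove the private key section" and "concatenate what is left"), as an added example that is not part of the original post or the how-to: the function names are hypothetical, and the input and output paths are whatever the caller passes. The same function produces both the key-less copy of the server certificate for clients and the server's combined client file.

```shell
# Added example, not from the original how-to. Function names are
# hypothetical; input and output paths are chosen by the caller.

# Print only the certificate section(s) of a PEM file, dropping key blocks.
cert_only() {
    sed -n '/^-----BEGIN CERTIFICATE-----/,/^-----END CERTIFICATE-----/p' "$1"
}

# Number of certificate sections in a file (prints 0 if there are none).
count_certs() {
    grep -c '^-----BEGIN CERTIFICATE-----' "$1" || true
}

# publish_certs OUT PEM...
# Write the certificate sections of every input PEM to OUT.
#   one input   -> key-less copy of the server PEM, for the clients
#   many inputs -> the server's combined file of all client certificates
publish_certs() {
    out=$1; shift
    tmp=$(mktemp) || return 1
    for pem in "$@"; do
        before=$(count_certs "$tmp")
        cert_only "$pem" >> "$tmp"
        # Each input must contribute at least one certificate.
        if [ "$(count_certs "$tmp")" -le "$before" ]; then
            echo "no certificate found in $pem" >&2; rm -f "$tmp"; return 1
        fi
    done
    # Final guard: a truncated certificate block could let a key block
    # slip through the range match, so check the assembled output.
    if grep -q 'PRIVATE KEY-----' "$tmp"; then
        echo "private key material in output, aborting" >&2
        rm -f "$tmp"; return 1
    fi
    chmod 644 "$tmp" && mv "$tmp" "$out"
}
```

OUT is only written once every input has yielded a certificate and the assembled file contains no private key block.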