Client auth configured, but no authorized certificates

ghostwalker42 · September 21, 2022, 11:34pm

Before you post: Your responses to these questions will help the community help you. Please complete this template if you’re asking a support question.
Don’t forget to select tags to help index your topic!

1. Describe your incident:
I’m Having a problem sending logs from my firewall to the graylog server. I’m running a fortigate on 7.x code and following this link GitHub - seanthegeek/graylog-fortigate-cef: A Graylog content pack containing a stream and dashboards for Fortinet Fortigate CEF logs

When checking the logs under /var/log/graylog-server/server.log, Im seeing the connection error:

2022-09-21T19:31:17.161-04:00 WARN [AbstractTcpTransport] Client auth configured, but no authorized certificates / certificate authorities configured for input [CEF TCP/63271fa5c677c11cc45447b6]
2022-09-21T19:31:17.225-04:00 ERROR [AbstractTcpTransport] Error in Input [CEF TCP/63271fa5c677c11cc45447b6]

2. Describe your environment:

OS Information:
Graylog server: Ubuntu server 20.04
Firewall: 7.2.0
Package Version:
Graylog 4.3
Service logs, configurations, and environment variables:

3. What steps have you already taken to try and solve the problem? I have been googling around on how to create the cert and locations but are only finding old items from 2016/2018/2020 on graylog 3.x

4. How can the community help?
If you can point me into an guide, that would be great. any help would be great.

Thank you in advance,

gsmith · September 21, 2022, 11:52pm

Hello,

I see your using CEF TCP as a input by chance do you have TLS enabled?

Does these FortiGate firewalls have Certificates on them? If not try using CEF UDP instead see if that works or disable the tic box for enabling TLS.

As for creating the certificates TCP/TLS if there from the firewall I would make sure Graylog can read them and there installed in GL’s keystore with the right format.

ghostwalker42 · September 22, 2022, 12:04am

THank you for the help. I was thinking of trying UDP. That did the trick. I’m getting all the great log data now.

Once more thank you for the help.

gsmith · September 23, 2022, 12:40am

awesome-yes-will-ferrell

system · October 7, 2022, 12:40am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
FortiGate: I can get CEF logs over UDP and Syslog over TLS, but not CEF over TLS. Why? Graylog Central (peer support)	16	3239	May 2, 2023
Fortinet/Fortigate TLS certificate problem Graylog Central (peer support)	1	369	June 7, 2023
Setting up TLS Client Auth Trusted Cert for Graylog Input Graylog Central (peer support)	1	2346	June 23, 2017
Accept only authorised logs Graylog Central (peer support)	5	275	September 19, 2023
Authentication Service TLS (Windows Active Directory) Graylog Central (peer support)	5	683	January 25, 2024

Client auth configured, but no authorized certificates

Related topics