TLS connections fail when Syslog-ng PE is running on a Linux host and is reached through two or more Virtual IP (VIP) addresses, each of which has a hostname that differs from the primary hostname of the Syslog-ng PE host operating system.
The X.509 server certificate must include the additional IP addresses and hostnames in its subject alternative names (SAN) section. The team responsible for certificate creation must ensure that these entries exist and that they list the correct IP addresses and hostnames.
Once the additional IP addresses and hostnames have been added to the certificate, that certificate will need to be uploaded so that it can be used by the Syslog-ng PE server.
A configuration file that includes the additional IP addresses and hostnames should look similar to the following. It has been created for example purposes only and should not be used.
[ req ]
default_bits = 4096
default_md = sha256
req_extensions = v3_req
distinguished_name = dn
prompt = no

[ dn ]
# Placeholder subject so that the distinguished_name reference resolves
CN = PrimaryHostname.FQDN

[ v3_req ]
# Extension settings are read from the section named by req_extensions
basicConstraints = CA:FALSE
keyUsage = keyEncipherment,dataEncipherment
extendedKeyUsage = serverAuth,clientAuth
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = PrimaryHostname.FQDN
DNS.2 = HostNameofVIP1.FQDN
DNS.3 = HostNameofVIP2.FQDN
IP.1 = PrimaryIPAddress
IP.2 = IPofVIP1
IP.3 = IPofVIP2
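Added example (not part of the original article and not a One Identity tool): a pre-submission check that every name and address clients connect to is listed in the request configuration's alt_names section. The hostnames, addresses and function names are constructed for illustration, and the matching rules (IP addresses match only IP.n entries, one leftmost wildcard label) assume common TLS client behaviour.

```python
import configparser
import ipaddress

# Constructed sample: the address of VIP2 was entered as DNS.3 by mistake.
SAMPLE = """
[ req ]
req_extensions = v3_req
[ v3_req ]
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = log1.example.test
DNS.2 = vip1.example.test
DNS.3 = 192.0.2.12
IP.1 = 192.0.2.10
IP.2 = 192.0.2.11
"""
ENDPOINTS = ["log1.example.test", "vip1.example.test", "vip2.example.test",
             "192.0.2.10", "192.0.2.11", "192.0.2.12"]

def load_sans(config_text):
    """Return (dns_names, ip_addresses) from the section subjectAltName points at."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.optionxform = str                      # keep DNS.1 / IP.1 as written
    cp.read_string(config_text)
    sections = {name.strip(): cp[name] for name in cp.sections()}  # "[ v3_req ]" -> "v3_req"
    target = next((v.strip()[1:] for s in sections.values() for k, v in s.items()
                   if k == "subjectAltName" and v.strip().startswith("@")), None)
    dns, ips = set(), set()
    for key, value in sections.get(target, {}).items():
        kind = key.split(".")[0].upper()
        if kind == "DNS":
            dns.add(value.strip().lower().rstrip("."))
        elif kind == "IP":
            ips.add(ipaddress.ip_address(value.strip()))
    return dns, ips

def dns_match(pattern, host):
    """Exact match, or '*' as the whole leftmost label covering exactly one label."""
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def uncovered(config_text, endpoints):
    """Endpoints (names or IPs clients connect to) that no SAN entry would match."""
    dns, ips = load_sans(config_text)
    missing = []
    for ep in endpoints:
        try:
            ok = ipaddress.ip_address(ep) in ips       # IPs match only IP.n entries
        except ValueError:
            ok = any(dns_match(p, ep.lower().rstrip(".")) for p in dns)
        if not ok:
            missing.append(ep)
    return missing
```

For the constructed sample, uncovered(SAMPLE, ENDPOINTS) reports vip2.example.test and 192.0.2.12, the two endpoints for which TLS verification would fail.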