TLS connections fail when Syslog-ng PE runs on a Linux host that uses two or more Virtual IP (VIP) addresses, each with a hostname that differs from the primary hostname of the host operating system.
The X.509 server certificate must include the additional IP addresses and hostnames in its Subject Alternative Name (SAN) section. The team responsible for certificate creation must ensure that these entries exist and that they list the correct IP addresses and hostnames.
Once the additional IP addresses and hostnames have been added to the certificate, that certificate must be uploaded so that the Syslog-ng PE server can use it.
A configuration file that includes the additional IP addresses and hostnames should look similar to the following. It has been created for example purposes only and should not be used.
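[req]
default_bits = 4096
default_md = sha256
# Extensions for the request are read from the section named here
req_extensions = v3_req
distinguished_name = dn
# Take the subject from [ dn ] without prompting
prompt = no
[ dn ]
# Placeholder subject; replace with your organization's values
CN = PrimaryHostname.FQDN
[ v3_req ]
keyUsage = keyEncipherment,dataEncipherment
basicConstraints = CA:FALSE
subjectAltName = @alt_names
extendedKeyUsage = serverAuth,clientAuth
[ alt_names ]
# Primary hostname plus the hostname of each VIP
DNS.1 = PrimaryHostname.FQDN
DNS.2 = HostNameofVIP1.FQDN
DNS.3 = HostNameofVIP2.FQDN
# Primary IP address plus the IP address of each VIP
IP.1 = PrimaryIPAddress
IP.2 = IPofVIP1
IP.3 = IPofVIP2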
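To confirm that an issued certificate covers every address clients connect to, the following added example (not part of the original article or the vendor's tooling) parses the text printed by `openssl x509 -in <certificate> -noout -ext subjectAltName` and lists the endpoints missing from the SAN. The hostnames and addresses are constructed sample values, and the single-label wildcard handling goes slightly beyond the case described above.

```python
import ipaddress
import re

def parse_san(openssl_text):
    """Parse the output of `openssl x509 -noout -ext subjectAltName`."""
    dns, ips = set(), set()
    for kind, value in re.findall(r"(DNS|IP Address):([^,\s]+)", openssl_text):
        if kind == "DNS":
            dns.add(value.lower().rstrip("."))
        else:
            ips.add(ipaddress.ip_address(value))
    return dns, ips

def dns_matches(pattern, host):
    """Exact match, or a wildcard that stands for one left-most label."""
    if pattern.startswith("*."):
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def missing_endpoints(openssl_text, endpoints):
    """Return the hostnames or IPs that the SAN does not cover."""
    dns, ips = parse_san(openssl_text)
    missing = []
    for ep in endpoints:
        try:
            # An IP endpoint is matched only against "IP Address" entries,
            # never against a DNS entry that happens to contain an address.
            ok = ipaddress.ip_address(ep) in ips
        except ValueError:
            host = ep.lower().rstrip(".")
            ok = any(dns_matches(p, host) for p in dns)
        if not ok:
            missing.append(ep)
    return missing

# Constructed sample: a certificate that lacks the second VIP's name and address.
SAMPLE = """X509v3 Subject Alternative Name:
    DNS:logs.example.com, DNS:vip1.example.com, IP Address:192.0.2.10, IP Address:192.0.2.11
"""
# Constructed list: primary hostname and IP plus two VIPs.
ENDPOINTS = ["logs.example.com", "vip1.example.com", "vip2.example.com",
             "192.0.2.10", "192.0.2.11", "192.0.2.12"]

if __name__ == "__main__":
    for ep in missing_endpoints(SAMPLE, ENDPOINTS):
        print("not covered by the certificate SAN:", ep)
```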