Accepted values: | yes | no |
Default: | yes |
Description: Verification method of the peer. The following table summarizes the possible options and their results depending on the certificate of the peer.
The remote peer has: | ||||
---|---|---|---|---|
no certificate | invalid certificate | valid certificate | ||
Local peer-verify() setting | no (optional-untrusted) | TLS-encryption | TLS-encryption | TLS-encryption |
yes (required-trusted) | rejected connection | rejected connection | TLS-encryption |
For untrusted certificates only the existence of the certificate is checked, but it does not have to be valid — syslog-ng accepts the certificate even if it is expired, signed by an unknown CA, or its CN and the name of the machine mismatches.
|
Caution:
When validating a certificate, the entire certificate chain must be valid, including the CA certificate. If any certificate of the chain is invalid, syslog-ng OSE will reject the connection. |
© 2025 One Identity LLC. ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center