An Appliance Administrator can upload a syslog client certificate so that Safeguard for Privileged Passwords can send authenticated messages to syslog servers that do not accept anonymous clients. For more information, see Syslog.

You can have only one syslog client certificate defined, which is used by all Safeguard for Privileged Passwords Appliances in the same cluster.

Instead of using the default syslog client certificate supplied, it is recommended you generate the Certificate Signing Request (CSR) using Create Certificate Signing Request (CSR). For more information, see Creating a syslog client Certificate Signing Request.

If you do use the default syslog client certificate, you are responsible for configuring the syslog server to accept the default certificate. For more information, see Installing a syslog client certificate.

Manage a Certificate Signing Request (CSR)

To define, generate, or manage a syslog client certificate, go to Syslog Client Certificate:

  • web client: Navigate to Certificates > Syslog Client Certificate.

The following properties and controls are available to manage your syslog client certificate.

Table 137: Syslog Client Certificate: Properties
Property Description
Refresh

Click to get the latest information about the client certificate used.

Subject

Displays the client which is the name of the subject assigned to the certificate when it was requested.

Thumbprint

A unique hash value that identifies the certificate.

Expiration Date

The expiration date of the certificate.

Add Certificate

Click Add Certificate and select one of the following options to replace the default certificate with a new certificate:

Use Default

Click Use Default to reset the certificate back to the default supplied by SPP.

By default, the data is encrypted in transit but there is no authentication of the client/server.