diff options
Diffstat (limited to 'doc/tls_cert_summary.html')
-rw-r--r-- | doc/tls_cert_summary.html | 66 |
1 files changed, 0 insertions, 66 deletions
diff --git a/doc/tls_cert_summary.html b/doc/tls_cert_summary.html deleted file mode 100644 index 8e003bc..0000000 --- a/doc/tls_cert_summary.html +++ /dev/null @@ -1,66 +0,0 @@ -<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> -<html><head><title>TLS-protected syslog: Summary</title> -</head> -<body> - -<h1>Encrypting Syslog Traffic with TLS (SSL)</h1> -<p><small><i>Written by <a href="http://www.adiscon.com/en/people/rainer-gerhards.php">Rainer -Gerhards</a> (2008-07-03)</i></small></p> - -<ul> -<li><a href="rsyslog_secure_tls.html">Overview</a> -<li><a href="tls_cert_scenario.html">Sample Scenario</a> -<li><a href="tls_cert_ca.html">Setting up the CA</a> -<li><a href="tls_cert_machine.html">Generating Machine Certificates</a> -<li><a href="tls_cert_server.html">Setting up the Central Server</a> -<li><a href="tls_cert_client.html">Setting up syslog Clients</a> -<li><a href="tls_cert_udp_relay.html">Setting up the UDP syslog relay</a> -<li><a href="tls_cert_summary.html">Wrapping it all up</a> -</ul> - -<h3>Summary</h3> -<p>If you followed the steps outlined in this documentation set, you now have -<span style="float: left"> -<script type="text/javascript"><!-- -google_ad_client = "pub-3204610807458280"; -/* rsyslog doc inline */ -google_ad_slot = "5958614527"; -google_ad_width = 125; -google_ad_height = 125; -//--> -</script> -<script type="text/javascript" -src="http://pagead2.googlesyndication.com/pagead/show_ads.js"> -</script> -</span> -a reasonable (for most needs) secure setup for the following environment: -<center><img src="tls_cert_100.jpg"></center> -<p>You have learned about the security decisions involved and which we -made in this example. <b>Be once again reminded that you must make sure yourself -that whatever you do matches your security needs!</b> There is no guarantee that -what we generally find useful actually is. It may even be totally unsuitable for -your environment. -<p>In the example, we created a rsyslog certificate authority (CA). Guard the CA's -files. You need them whenever you need to create a new machine certificate. We also saw how -to generate the machine certificates themselfs and distribute them to the individual -machines. Also, you have found some configuration samples for a sever, a client and -a syslog relay. Hopefully, this will enable you to set up a similar system in many -environments. -<p>Please be warned that you defined some expiration dates for the certificates. -After they are reached, the certificates are no longer valid and rsyslog will NOT -accept them. At that point, syslog messages will no longer be transmitted (and rsyslogd -will heavily begin to complain). So it is a good idea to make sure that you renew the -certificates before they expire. Recording a reminder somewhere is probably a good -idea. -<p>If you have any more questions, please visit the <a href="http://kb.monitorware.com/rsyslog-f40.html">rsyslog forum</a> and simply ask ;) -<h2>Copyright</h2> -<p>Copyright (c) 2008 <a href="http://www.adiscon.com/en/people/rainer-gerhards.php">Rainer -Gerhards</a> and -<a href="http://www.adiscon.com/en/">Adiscon</a>.</p> -<p> Permission is granted to copy, distribute and/or modify this -document under the terms of the GNU Free Documentation License, Version -1.2 or any later version published by the Free Software Foundation; -with no Invariant Sections, no Front-Cover Texts, and no Back-Cover -Texts. A copy of the license can be viewed at -<a href="http://www.gnu.org/copyleft/fdl.html">http://www.gnu.org/copyleft/fdl.html</a>.</p> -</body></html> |