HP XP7 Command View Advanced Edition Administrator Guide (Web Version) (TK981-96004, May 2014)

ManualsBrandsHP ManualsSoftwareHP XP Array Manager Enterprise Media Kit

141

142

143

144

145

146

147

148

149

150

Requirements of the new Syslog protocol (TLS1.2/RFC5424)

The new Syslog protocol (TLS1.2/RFC5424) requires the following:

• Operation confirmed Syslog server (rsyslog version 4.6.2)

• Syslog server certificate. The IP address of the Syslog server in "Subject Alternative Name: IP Ad-

dress" of the Syslog server certificate.

• Client certificate. Upload the following:

NotesFormatCertificate type

Obtain the Syslog server root certificate from the server

administrator.

X.509

Syslog server root cer-

tificate

Convert the Syslog server client certificate that is signed

by a Certificate Authority (CA) to PKCS#12 format. (See

“Obtaining a client certificate for the new Syslog pro-

tocol” on page 142.)

PKCS#12Client certificate

Each certificate has an expiry date, after which you are prevented from connecting to the Syslog

server. Note the expiry dates when preparing certificates.

Contact the Syslog server administrator for the following:

• Password set up in the PKCS#12-format client certificate

• More information about the certificates

Obtaining a client certificate for the new Syslog protocol

To obtain a client certificate:

1. Download the program to create the certificate from the following website: OpenSSL website,

http://www.openssl.org/.

2. Install the OpenSSL program in the C:\openssl folder.

3. Convert the client certificate to the PKCS#12 format.

Example

The following example to obtain a client certificate, Windows Vista is the operating system. Both a

private key and a public key are created. The client.p12 file is the client certificate in PKCS#12

format. This file is created in the c:\key folder.

1. Create a private key (.key file).

2. Create a public key (.csr file).

3. Send the new key to the Syslog server Certificate Authority for signature to obtain a certificate.

The certificate is used as the client certificate.

When preparing a certificate, note its expiration date. If the expiration date passes, you will not be

able to connect to the Syslog server.

Setting up logs and alerts142