Certificates (both server and trusted) must meet the following criteria.
Before you begin
- Only RSA certificates are accepted.
- The public key must be greater than or equal to 2048 bits.
- The signature algorithm must use SHA256.
- Because the device acts as a Syslog client, the Syslog server's Root CA certificate must be installed on it before the TLS connection is attempted.
- An expired certificate is not accepted.
- A certificate with an empty Subject Alternative Name (SAN) field and invalid Common Name (CN) is rejected.
- For SAN, check for the matching incoming server IPv4 address.
- If the SAN doesn't match, then the CN is validated against the incoming server IPv4 address.
- A certificate chain of up to length 3 is supported. Self-signed certificates are no longer supported in this mode.
- The TLS connection must use the approved cipher suites.
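
A pre-flight check of the certificate-level criteria above with the `openssl` command line, written as an added example that is not part of the original documentation. The function name `check_syslog_cert` and the file name and address in the usage comment are assumptions; chain length and cipher suites are not checked here.

```shell
#!/bin/sh
# Usage: check_syslog_cert <server-cert.pem> <server-ipv4>
#   e.g. check_syslog_cert syslog-server.pem 192.0.2.10   (constructed values)
# Prints one line per failed criterion; returns 0 only if every check passes.
check_syslog_cert() {
    cert=$1; ip=$2; rc=0
    [ -n "$ip" ] || { echo "usage: check_syslog_cert <pem> <ipv4>"; return 2; }
    text=$(openssl x509 -in "$cert" -noout -text) || return 2

    # Only RSA certificates, public key >= 2048 bits
    echo "$text" | grep -q 'Public Key Algorithm: rsaEncryption' \
        || { echo "FAIL: not an RSA certificate"; rc=1; }
    bits=$(echo "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
    [ "${bits:-0}" -ge 2048 ] \
        || { echo "FAIL: public key is ${bits:-unknown} bits, need >= 2048"; rc=1; }

    # Signature algorithm must use SHA256
    echo "$text" | grep -qi 'Signature Algorithm:.*sha256' \
        || { echo "FAIL: signature algorithm does not use SHA256"; rc=1; }

    # Expired certificates are not accepted
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null \
        || { echo "FAIL: certificate has expired"; rc=1; }

    # SAN is checked first for the server IPv4 address; CN is the fallback
    san_ips=$(echo "$text" | grep -o 'IP Address:[0-9.]*' | cut -d: -f2)
    cn=$(openssl x509 -in "$cert" -noout -subject -nameopt multiline \
         | sed -n 's/^ *commonName *= //p' | head -n 1)
    if echo "$san_ips" | grep -qxF "$ip"; then
        :   # SAN matches the server address
    elif [ "$cn" = "$ip" ]; then
        :   # SAN empty or not matching, CN matches
    else
        echo "FAIL: neither SAN nor CN matches $ip"; rc=1
    fi

    # Self-signed certificates are not supported (subject equals issuer)
    sh_hash=$(openssl x509 -in "$cert" -noout -subject_hash)
    is_hash=$(openssl x509 -in "$cert" -noout -issuer_hash)
    [ "$sh_hash" != "$is_hash" ] \
        || { echo "FAIL: certificate is self-signed"; rc=1; }

    return $rc
}
```

Run it against the Syslog server's certificate before pointing the device at that server, so a rejected TLS connection can be traced to a specific criterion.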