Install Certificates Required for TLS Encryption

Learn how to install the three certificates required for using TLS encryption for remote logging.

Before you begin

The NPB application supports remote logging on Linux, Mac, or Windows operating systems, and the following commands are Linux-specific. Refer to the documentation for the Rsyslog utility for your operating system, as needed.

About this task

To optionally enable TLS encryption over TCP, you must generate and install three certificates on the remote logging server to enable TLS encryption over TCP. All three certificates are in PEM format:

CA certificate
Machine key certificate
Machine key

Note

the application, the Rsyslog client that sends syslogs to the remote logging server, needs only the CA certificate that is in current use on the device.

Procedure

Generate the three required certificates, using the instructions provided at the following Rsylog locations.
- https://www.rsyslog.com/doc/v8-stable/tutorials/tls_cert_ca.html
- https://www.rsyslog.com/doc/v8-stable/tutorials/tls_cert_machine.html
Use the copy command to copy the certificates to the preferred directory (default is /etc/ssl/certs).

Note
Note the filepath for each certificate, which is used to configure the remote logging server to use TLS encryption.
Run the chmod command to set file permissions to 0644 on each certificate.