Install TLS Encryption Certificates

Before you begin

The NPB application supports remote logging on Linux, Mac, or Windows operating systems, and the following commands are Linux-specific. Refer to the documentation for the Rsyslog utility for your operating system, as needed.

About this task

Perform this procedure to install the three certificates required for using TLS encryption for remote logging. To optionally enable TLS encryption over TCP, you must generate and install three certificates on the remote logging server to enable TLS encryption over TCP. All three certificates are in PEM format:

CA certificate
Machine key certificate
Machine key

Note

The Rsyslog client that sends syslogs to the remote logging server, needs only the current CA certificate on the device.

Procedure

Generate the three required certificates, using the instructions at the following Rsylog locations:
- https://www.rsyslog.com/doc/v8-stable/tutorials/tls_cert_ca.html
- https://www.rsyslog.com/doc/v8-stable/tutorials/tls_cert_machine.html
Use the copy command to copy the certificates to the preferred directory (default is /etc/ssl/certs).

Note
Note the filepath for each certificate to configure the remote logging server to use TLS encryption.
Run the chmod command to set file permissions to 0644 on each certificate.