Thanks for using the TrueNAS Community Edition issue tracker! TrueNAS Enterprise users receive direct support for their reports from our support portal.

Require certificate, not CA for syslog TLS configuration

Description

The syslog API does not make sense when using a certificate created from a root CA, in this case Let’sEncrypt. Practically a CA should not be required if it’s in the trusted store, and mako conf symlinks the CA to the root dir, which shouldn’t be necessary if it’s already there.

To get a TNC certificarte to work, I have to create a bogus, self-signed CA unrelated to the cert and have MW symlink it for no reason.

Problem/Justification

Main benefit is to use the TrueNAS Connect cert for syslog configuration Also to remove unnecessary restrictions

Impact

None

Activity

Show:

Andrew Walker February 22, 2025 at 1:13 AM
Edited

NOTE: We should not be collecting people’s syslog in current TrueNAS and storing on iX servers. It can contain very sensitive information including sudo audit details. This should not be put into product without careful consideration. IIRC this design was already NAKed by engineering.

Bug Clerk February 21, 2025 at 9:05 PM

This issue has now been closed. Comments made after this point may not be viewed by the TrueNAS Teams. Please open a new issue if you have found a problem or need to re-engage with the TrueNAS Engineering Teams.

Andrew Walker February 21, 2025 at 9:05 PM

Mark Grimes already has a ticket to rework this.

Duplicate
Pinned fields
Click on the next to a field label to start pinning.

Details

Assignee

Reporter

Effort to Implement (if applicable)

Components

Fix versions

Priority

More fields

Katalon Platform

Created February 21, 2025 at 4:49 PM
Updated February 22, 2025 at 1:14 AM
Resolved February 21, 2025 at 9:05 PM