diff --git a/src/opnsense/scripts/syslog/generate_certs b/src/opnsense/scripts/syslog/generate_certs index ac8730ce2..69ec0a4f8 100755 --- a/src/opnsense/scripts/syslog/generate_certs +++ b/src/opnsense/scripts/syslog/generate_certs @@ -45,9 +45,6 @@ foreach ((new OPNsense\Syslog\Syslog())->destinations->destination->iterateItems if ($cert_refid == (string)$cert->refid) { file_put_contents("/usr/local/etc/syslog-ng/cert.d/{$dest_key}.key", base64_decode((string)$cert->prv)); file_put_contents("/usr/local/etc/syslog-ng/cert.d/{$dest_key}.crt", base64_decode((string)$cert->crt)); - $cert = (array)$cert; - $ca = ca_chain($cert); - file_put_contents("/usr/local/etc/syslog-ng/cert.d/{$dest_key}.ca", (string)$ca); } } } @@ -57,7 +54,7 @@ foreach ((new OPNsense\Syslog\Syslog())->destinations->destination->iterateItems foreach (glob("/usr/local/etc/syslog-ng/cert.d/*") as $filename) { $instance = explode(".", basename($filename))[0]; $ext = pathinfo($filename)['extension']; - if (!in_array($instance, $instances) && in_array($ext, ['crt', 'key', 'ca'])) { + if (!in_array($instance, $instances) && in_array($ext, ['crt', 'key'])) { unlink($filename); } } diff --git a/src/opnsense/service/templates/OPNsense/Syslog/syslog-ng-destinations.conf b/src/opnsense/service/templates/OPNsense/Syslog/syslog-ng-destinations.conf index 5c0c8569f..ca3a9db55 100644 --- a/src/opnsense/service/templates/OPNsense/Syslog/syslog-ng-destinations.conf +++ b/src/opnsense/service/templates/OPNsense/Syslog/syslog-ng-destinations.conf @@ -38,7 +38,7 @@ destination d_{{dest_key}} { ip-protocol({{destination.transport[3]}}) persist-name("{{dest_key}}") tls( - ca-file("/usr/local/etc/syslog-ng/cert.d/{{dest_key}}.ca") + ca-file("/etc/ssl/cert.pem") key-file("/usr/local/etc/syslog-ng/cert.d/{{dest_key}}.key") cert-file("/usr/local/etc/syslog-ng/cert.d/{{dest_key}}.crt") )