We are working on the configuration of TLS rsyslog service encryption and decided to try with a self-signed certificate. We walked through this manual: RSyslog Documentation - rsyslog (created a CA, issued certificates, keys, etc.) but had no success. We did the configuration only on the server side (log forwarder) and not on the client. The log source is a Cortex XDR cloud platform, so we cannot configure anything on its side.
From the Cortex XDR manual:
"If your Syslog receiver uses a self-signed CA, Browse and upload your self-signed Syslog receiver CA."
We uploaded the certificate, but it doesn't work. Cortex XDR cannot verify the connection.
Forwarding unencrypted logs works perfectly.
Has anybody configured TLS rsyslog? I would kindly appreciate any advice on it.