06-24-2022 05:38 AM
Trying to configure GitHub - duosecurity/duo_log_sync to pull logs out of Duo to our non-splunk SIEM. I would like to use the TCPSSL protocol, but can’t figure out what the “cert_filepath” directive should point to. The docs say:
# Location of the certificate file used for encrypting communication for
# TCPSSL. TCPSSL expects that there are .key and .cert files that store keys. For configuration,
# give path of .cert/.pem file that has keys
# REQUIRED only if protocol is TCPSSL
Usually I don’t see keys and certs stored in the same file. What is the service expecting here? I have tried supplying the server certificate for our SIEM, but that didn’t work.
06-24-2022 09:25 AM
I have tried supplying the server certificate for our SIEM, but that didn’t work.
Reading through the config template it seems like it should be the cert used to establish the SSL connection to your SIEM. Is your SIEM’s cert self-signed? If not, try providing the full CA chain’s certs in PEM format in the cert file (append multiple cert entries into a single .cert/.pem file).
06-27-2022 08:58 AM
I’ve tried just the CA chain, CA chain + server cert and the reverse of that, server cert + CA chain. None of them seem to work.
06-27-2022 03:06 PM
Looking at the code, the only place cert_filepath is used is to set up the ssl connection context (ssl — TLS/SSL wrapper for socket objects — Python 3.10.5 documentation) to your server, passing it as the cafile parameter. And @DuoKristina said what the format of the file should be.
If this is on a Windows system, maybe the line endings in the file need changed?
-Phil
06-28-2022 04:53 AM
We have a little certificate verification tool that might help. If you run acert against your SIEM host’s port 636, it will spit out the CA chain in PEM format. You could try copying the cert info from acert’s output into the file you specify for cert_filepath to eliminate any possible issue with exporting the chain.
06-29-2022 08:00 AM
That’s a helpful tool, thanks Kristina! Got it to work with the full CA chain in one file. Thanks!
06-29-2022 03:00 PM
Glad it helped you get this working!
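A way to check a candidate cert_filepath file before pointing duo_log_sync at it, added here as an example and not code from duo_log_sync or from anyone in the thread: it counts the PEM blocks, flags private keys and Windows line endings, and loads the file as the `cafile` of a Python ssl context, which is how the thread says the value is used. The function and field names are assumptions made for this example, and the embedded sample bundle is constructed.

```python
import os
import re
import ssl
import tempfile

PEM_LABEL = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----")

# Constructed sample, not real key material: two certificate blocks and a
# private key block with placeholder bodies, saved with Windows line endings.
SAMPLE_BUNDLE = (
    b"-----BEGIN CERTIFICATE-----\r\nQ09OU1RSVUNURUQ=\r\n-----END CERTIFICATE-----\r\n"
    b"-----BEGIN CERTIFICATE-----\r\nQ09OU1RSVUNURUQ=\r\n-----END CERTIFICATE-----\r\n"
    b"-----BEGIN PRIVATE KEY-----\r\nQ09OU1RSVUNURUQ=\r\n-----END PRIVATE KEY-----\r\n"
)

def inspect_ca_bundle(path):
    """Describe the PEM file at `path` and try it as an ssl `cafile`."""
    report = {"certificates": 0, "private_keys": 0, "crlf": False,
              "loads_as_cafile": False, "trusted_cas": 0, "error": None}
    try:
        with open(path, "rb") as fh:
            data = fh.read()
        labels = [m.decode() for m in PEM_LABEL.findall(data)]
        report["certificates"] = labels.count("CERTIFICATE")
        # A CA bundle needs no private key; flag one if it was exported along.
        report["private_keys"] = sum(l.endswith("PRIVATE KEY") for l in labels)
        report["crlf"] = b"\r\n" in data
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.load_verify_locations(cafile=path)  # the parameter named in the thread
        report["loads_as_cafile"] = True
        # get_ca_certs() lists only the loaded certificates OpenSSL treats as CAs.
        report["trusted_cas"] = len(ctx.get_ca_certs())
    except (OSError, ssl.SSLError) as exc:  # unreadable file or unparsable PEM
        report["error"] = str(exc)
    return report

def demo():
    """Run the check on the constructed sample above."""
    fd, path = tempfile.mkstemp(suffix=".pem")
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(SAMPLE_BUNDLE)
        return inspect_ca_bundle(path)
    finally:
        os.remove(path)

if __name__ == "__main__":
    import sys
    print(inspect_ca_bundle(sys.argv[1]) if len(sys.argv) > 1 else demo())
```

Run it with the path to your own bundle as the only argument; with no argument it reports on the constructed sample.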