Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1162
Views
2
Helpful
10
Replies

Cisco Secure Email Gateway Syslog over TLS not working

arwho
Level 1
Level 1

‎01-07-2025 08:47 AM

Hello Community,

I'd like to activate syslog via TLS on Cisco Secure Email gateway.

Unfortunately it does not work and fails with the error “Error in validating peerserver certificate.” & "unable to get local issuer certificate.“.

I‘ve done the following:

  1. created & uploaded a custom gateway certificate (*.p12) from internal CA and set the intermediate CA root certificate

  2. uploaded our internal custom root CA certificate on the gateway to the custom CA list

  3. created log subscription and set target host

Do I need to consider further options or have I done something wrong?

I can rule out a misconfiguration on the syslog server, because TLS already works fine with other systems.

Thanks for helping!

Greetings!

Labels:
0 Helpful
10 Replies 10

Ken Stieers
VIP
VIP

‎01-07-2025 09:02 AM

Upload the intermediate CA root cert for your internal CA into the custom CA list as well.

0 Helpful

arwho
Level 1
Level 1
In response to Ken Stieers

‎01-07-2025 10:04 AM

Sorry, my mistake.

We do not have an intermediate CA in this case. I've removed it. 

Device certificate was issued directly by our root CA. 

Unfortunately, the error still exists.

0 Helpful

Ken Stieers
VIP
VIP
In response to arwho

‎01-07-2025 10:13 AM

What cert is on the Syslog server?

arwho
Level 1
Level 1

‎01-07-2025 10:57 AM - edited ‎01-07-2025 11:31 AM

Thank you! I think that's the problem.

There is a certificate from another CA. 

I'll check this and get back to you.

0 Helpful

khuspeshubham
Level 1
Level 1

‎01-09-2025 07:47 AM

I want to configure my Cisco Email Gateway to Send logs over TLS to syslog server can you please tell me which certificate to place on email gateway and which one to place on syslog server?

Anyone worked on such scenario.

0 Helpful

Ken Stieers
VIP
VIP
In response to khuspeshubham

‎01-09-2025 08:02 AM

So you need to think of the syslog server like a web server, and the ESA as the client.
You're issuing a cert to the syslog server, so it will need the cert and its chain (intermediate if you have one, and root) installed. This cert probably needs to have server name/IP on it like you'd do for a web server.
Then the client (the ESA) has to trust certs issued by the CA, so you add the CA root to the custom store.
Which Syslog server are you using?

khuspeshubham
Level 1
Level 1

‎01-09-2025 08:13 AM

Im forwarding logs from Cisco ESA to Qradar on port 6514. 

I created self signed cert. imported CA in ESA using gui in PKCS#12 format.

At Qradar side i uploaded Server certificate and private key.

 

khuspeshubham_0-1736439084846.png

but still im getting below error on syslog server. 

An IOException occurred during SSL Socket Handshake with /103.161.xx.xx:4262 Closing socket

 

0 Helpful

khuspeshubham
Level 1
Level 1

‎01-09-2025 08:22 AM

Uploaded Self-signed CA Certificate Showing in Appliance Certificates on ESA in Network > Certificates > Appliance Certificates.

is it normal.

0 Helpful

arwho
Level 1
Level 1

‎01-09-2025 01:52 PM

The gateway's certificate was signed by the wrong CA and I also uploaded the wrong root certificate. TLS is now working. Thank you!

0 Helpful

khuspeshubham
Level 1
Level 1
In response to arwho

‎01-09-2025 06:18 PM

@arwho how you made this setup work. Which certificate you installed on syslog server. And which certificates you installed on Cisco Email Gateway 

0 Helpful
Customers Also Viewed These Support Documents