Blue Coat does not support sending feeds to a hostname, only to the IP address. So the Skyhigh Cloud Connector certificate, (the browser certificate) imported to Blue Coat will cause a mismatch with the Common Name. This topic provides instructions to configure Syslog over TLS for Blue Coat.
Upgrade to the latest version of Skyhigh Cloud Connector, version 5.0.0 or later.
Configure Syslog over TLS for Blue Coat
- Get the custom certificate with Common Name as Cloud Connector Symbolic Server Name and IP Address of the Cloud Connector Server in Subject Alternative Name of the certificate.
- If the current password from the crypt file is not known, change it using the command:
./shnlpcli --newPass your_new_pass
- Create a new keystore in the Syslog server using the command:
- The new keystore (syslogKeyStore.jks) is created in the EC_Home Directory, and the Syslog service uses the new empty key store in TCP+TLS mode.
- Before you start the syslog service, import the certificate using the command:
keytool -import -trustcacerts -keystore $EC_Home/syslogKeyStore.jks -storepass <xxxxx> -alias <xxxxxxx> -file <Certificate-Path>