Server Certificate Validation
Focus
Focus
Strata Logging Service

Server Certificate Validation

Table of Contents

Server Certificate Validation

These are the steps Strata Logging Service takes to ensure that a log receiver has a valid certificate.
Where Can I Use This?What Do I Need?
One of these:
Strata Logging Service secures your log data by ensuring that the server you specify to receive your logs is trusted and legitimate.
When you configure syslog or HTTPS forwarding, Strata Logging Service ensures that your log data arrives safely to its intended destination by verifying the certificate on the receiving server. For maximum security, Strata Logging Service performs multiple validity checks:
Strata Logging Service checks...to verify that...
Third-Party CA-Signed Certificates
The server has the full certificate chain. If the root CA is in the list of trusted CAs, you do not need to upload any CAs from the certificate chain. If the root CA is not in the list of trusted CAs, you need to upload the root CA to Strata Logging Service.
OR
The server has the server certificate and one or more intermediate CAs. If the root CA is in the list of trusted CAs, you do not need to upload any CAs from the certificate chain. If the root CA is not in the list of trusted CAs, you need to upload the root CA to Strata Logging Service.
OR
The server has only the server certificate. If the root CA is in the list of trusted CAs, then you need to upload only the intermediate CAs (one or multiple) to Strata Logging Service. If the root CA is not in the list of trusted CAs, you need to upload the root CA and one or more intermediate CAs to Strata Logging Service.
Private CA-Signed Certificates
The server has the full certificate chain, and only the root CA is uploaded to Strata Logging Service.
OR
The server has the server certificate and one or more intermediate CAs, and the root CA is uploaded to Strata Logging Service.
OR
The server has the server certificate only; the root CA and one or more intermediate CAs are uploaded to Strata Logging Service.
Self-Signed Certificates
The certificate is installed on the server and uploaded to Strata Logging Service.
ExpirationNone of the certificates in the chain have expired.
Host Name MatchThe value entered for the Syslog Server name matches the Subject Alternative Name (SAN) of the server certificate.
Revocation StatusNone of the certificates in the chain have been revoked by its issuing CA.