Hello,
I had a Smoothwall 3.1 firewall running for about 20 years that bit the dust last week. I’ve replaced it with an f40 server system with 4 NICs (internal LAN/wifi, dmz, home automation and external cable modem). I’ve got things working for the most part, using source address specified on the three private NICs and masquerading on the external NIC. The external NIC is a 2.5Gbit card that wasn’t inherently supported on smoothie, so I decided to just install Fedora on the replacement firewall.
I believe I have everything converted correctly from iptables to firewalld. This does let me retire rsyslogd and switch to systemd-journal-remote and systemd-journal-upload. My question is can I use the freeipa certificate located in /etc/pki/tls/cert.pem as the systemd-journal-remote and systemd-journal-upload ServerCertificateFile= key value? If so, how do I get the key file out of NSS?
I’ve done an initial test with self-signed, but upload fails to connect because it’s self-signed. I’d ideally prefer being able to use the FreeIPA client certificates for the journal transfers, but if that’s not practical, do I need to create a FreeIPA service certificate just for the upload-remote host (central server) or do I have to create service certs for all hosts?
Thanks,
Eric