Unable to connect to syslog server for Log Forwarding using SSL

Article ID: 422404

Products

VCF Operations/Automation (formerly VMware Aria Suite)

Issue/Introduction

When enabling SSL/TLS for syslog forwarding in Aria Operations for Logs, the connection fails.

Symptoms include:

  • The "Test Connection" button may fail in the UI.
  • Logs are not received by the destination server.
  • The runtime.log on the Aria Operations for Logs node contains the following error:
    javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown

Environment

Aria Operations for Logs 8.x

Cause

The destination syslog server is presenting a certificate that is not trusted by Aria Operations for Logs. This typically occurs because the full certificate chain (Server Certificate > Intermediate CA > Root CA) is not imported or available in the Aria Operations for Logs trust store.

Resolution

To resolve this issue, you must export the full certificate chain from the destination syslog server and import it into Aria Operations for Logs.

Prerequisite:

Obtain the full certificate chain from your syslog server administrator. The file must be in PEM format (Base64 ASCII) and is typically named syslog-full-chain.pem. It must contain the certificates in the following order:

  1. Server Certificate
  2. Intermediate CA Certificate(s)
  3. Root CA Certificate (Optional, but recommended if not already trusted)

Steps:

  1. Log in to the Aria Operations for Logs user interface as an administrator.
  2. Navigate to Management > Log Forwarding.
  3. Select the specific forwarding destination that is failing.
  4. Locate the SSL/TLS configuration section (often a checkbox or certificate upload field).
  5. Remove the existing certificate if one is present.
  6. Upload the syslog-full-chain.pem file you obtained in the prerequisite step.
  7. Click Test Connection to verify that the error is resolved.
  8. Save the configuration.

Validation:

  • You can verify the certificate chain presented by the syslog server from a Linux host using the following command:
    openssl s_client -connect <syslog_server_fqdn>:6514 -showcerts
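
The certificate order required in the prerequisite can be checked on a Linux host before the file is uploaded. The script below is an added example, not part of the original article or of any VMware tooling; the function name check_chain_order is hypothetical, and it compares issuer and subject names only, without verifying signatures.

```shell
#!/bin/sh
# Added example (not from the KB article): confirm that a PEM bundle is ordered
# server -> intermediate(s) -> root by comparing issuer and subject names.
# Exit status: 0 = order is consistent, 1 = out of order, 2 = unreadable/empty.
# Usage (after sourcing this file): check_chain_order syslog-full-chain.pem
check_chain_order() (          # body runs in a subshell so the trap stays local
    bundle=$1
    tmp=$(mktemp -d) || exit 2
    trap 'rm -rf "$tmp"' EXIT
    # Split the bundle into cert-1.pem, cert-2.pem, ... and print the count.
    n=$(awk -v dir="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem" }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
        END                           { print n + 0 }' "$bundle") || exit 2
    [ "$n" -gt 0 ] || { echo "no certificates found in $bundle" >&2; exit 2; }
    name() {  # name <subject|issuer> <index>: print that DN of cert <index>
        openssl x509 -in "$tmp/cert-$2.pem" -noout "-$1" -nameopt RFC2253 |
            sed "s/^$1= *//"
    }
    rc=0 i=1
    while [ "$i" -le "$n" ]; do
        subj=$(name subject "$i"); issuer=$(name issuer "$i")
        echo "[$i] subject: $subj"
        echo "    issuer:  $issuer"
        if [ "$i" -lt "$n" ]; then
            # Each certificate must be issued by the one that follows it.
            next=$(name subject $((i + 1)))
            if [ "$issuer" != "$next" ]; then
                echo "    MISMATCH: certificate $((i + 1)) is not the issuer of certificate $i" >&2
                rc=1
            fi
        elif [ "$issuer" = "$subj" ]; then
            echo "    self-signed: chain ends at a root CA"
        else
            echo "    chain ends below the root; the root must already be trusted"
        fi
        i=$((i + 1))
    done
    exit "$rc"
)
```

Because the function extracts only the BEGIN/END CERTIFICATE blocks, it can also be run against saved output of the openssl s_client command above to see the order the server actually sends.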