"TLS handshake with server failed extra data given to DerValue constructor" error in CDL Log Forwarding

Created On 12/19/22 04:10 AM - Last Modified 04/12/24 02:17 AM


Symptom


  • Syslog forwarding configured on Cortex Data Lake.
  • Initiate Test Connection.
  • Error "TLS handshake with server failed extra data given to DerValue constructor" is seen.
[Screenshot: log-fwd.png]


Environment


  • Cortex Data Lake App (Strata Logging Service)
  • Log Forwarding 
  • Syslog


Cause


This error is seen when the logging service fails to validate the certificate presented by the target syslog server.

Resolution


  1. Confirm the configured server certificate meets all of the following requirements:
  • certificate has a valid chain
  • certificate has OCSP/CRL details
  • certificate has SAN details
  • not expired
  • not revoked (the OCSP/CRL URI is reachable and returns a correct response)
  • server does not request client certificate authentication
  2. For details, refer to Forward Logs from Cortex Data Lake to a Syslog Server and Server Certificate Validation.
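The checklist above can be run against the syslog target before retrying Test Connection. The script below is an added example, not part of the KB article or a Palo Alto Networks tool: it uses only the Python standard library, lets ssl verify the chain and hostname the way a TLS client would, and then scores the leaf certificate's SAN, OCSP/CRL and validity fields from getpeercert(). The host, port 6514 and the sample certificate dictionary are assumptions; revocation reachability and whether the server demands a client certificate are reported for manual follow-up rather than tested.

```python
import socket
import ssl
import time

CHECKS = ("chain_valid", "not_expired", "has_san", "has_ocsp_or_crl")

# Constructed sample in getpeercert() dict form; not a real certificate.
SAMPLE_CERT = {
    "notBefore": "Dec 19 00:00:00 2022 GMT",
    "notAfter": "Dec 19 00:00:00 2030 GMT",
    "subjectAltName": (("DNS", "syslog.example.com"),),
    "OCSP": ("http://ocsp.example.com",),
    "crlDistributionPoints": ("http://crl.example.com/ca.crl",),
}


def evaluate_cert(cert: dict, now_ts: float, chain_valid: bool = True) -> dict:
    """Score a getpeercert()-style dict against the checklist; True means OK."""
    try:
        not_before = ssl.cert_time_to_seconds(cert["notBefore"])
        not_after = ssl.cert_time_to_seconds(cert["notAfter"])
        not_expired = not_before <= now_ts <= not_after
    except (KeyError, ValueError):
        not_expired = False  # missing or unparsable dates count as a failure
    ocsp = tuple(cert.get("OCSP", ()))
    crl = tuple(cert.get("crlDistributionPoints", ()))
    return {
        "chain_valid": chain_valid,
        "not_expired": not_expired,
        "has_san": bool(cert.get("subjectAltName")),
        "has_ocsp_or_crl": bool(ocsp or crl),
        # Reachability of these URIs is not tested here; check them separately.
        "revocation_uris": ocsp + crl,
    }


def failed_checks(result: dict) -> list:
    """Names of checklist items that were evaluated and did not pass."""
    return [n for n in CHECKS if n in result and not result[n]]


def probe_syslog_server(host: str, port: int = 6514, timeout: float = 5.0) -> dict:
    """Open a verified TLS session to the syslog target and score its certificate."""
    ctx = ssl.create_default_context()  # system trust store, hostname check on
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return evaluate_cert(tls.getpeercert(), time.time())
    except ssl.SSLCertVerificationError as exc:
        return {"chain_valid": False, "error": exc.verify_message}
    except ssl.SSLError as exc:
        # A handshake alert after chain verification is worth checking for a client-cert request.
        return {"chain_valid": False, "error": str(exc)}
```

Run `probe_syslog_server("syslog.example.com")` and inspect `failed_checks()` on the result; an empty list means the certificate-side items on the checklist are satisfied.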


https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000kFiGCAU&lang=en_US