Right, that makes more sense for the title and I would agree with you that it’s not accepting the certificate but I placed it in the keystore:
[root@hpctest-graylog ~]# keytool -keystore /etc/pki/ca-trust/extracted/java/cacerts.jks -storepass changeit -list | grep graylog-self-signed -A1
graylog-self-signed, Mar 5, 2020, trustedCertEntry,
Certificate fingerprint (SHA1): 58:FF:37:A9:85:DA:B5:5E:EA:70:45:FB:C8:50:65:05:74:43:B4:20
Also, I did place my internal CA signed certificate in the keystore as well but was experiencing the same issue. I read here that it needs to have the IP address of the server in order for everything to work. It’s almost like the startup file isn’t using the right keystore, even though I specify the correct one in my startup script.
[EDIT]
Also, I don’t understand how the inputs can say “not running” in the web interface while I still receive messages from those inputs.