Hello all,
We have a very basic one-node setup on a CentOS 8 server; my Graylog version is v3.2.4. I’m trying to configure Active Directory authentication. Our AD requires signing, the certs are placed where they belong (/etc/openldap/certs), and they work fine with other web applications.
When I test the AD connection in Graylog (settings are StartTLS and allow self-signed certificates), I get the following error: “Failed to initialize the SSL context.”, which is not much, but in the server.log I found this: "java.security.cert.CertPathValidatorException: Algorithm constraints check failed on keysize limits. RSA 1024bit key used with certificate: . Usage was tls server ".
Based on this, I changed all the disabledAlgorithms lines in “/etc/java/java-1.8.0-openjdk/java-1.8.0-openjdk-1.8.0.242.b08-0.el8_1.x86_64/lib/security/java.security”, and I did not find such settings anywhere else, but it had no effect, so now I’m really stuck. Can anyone please help me find where these settings are for Graylog’s JVM? In /etc/sysconfig/graylog-server I did not find anything related.
If possible, I’d like to avoid changing the domain controllers’ certificate.
Thank you