Active directory authentication

Hello all,

We have a very basic one-node setup on a CentOS 8 server; my Graylog version is v3.2.4. I’m trying to configure Active Directory authentication. Our AD requires signing, and the certs are placed where they belong (/etc/openldap/certs), and with other web applications, they work fine.

When I test the AD connection in Graylog (settings are StartTLS and allow self-signed certificates), I get the following error: “Failed to initialize the SSL context.”, which is not much, but in the server.log, I found this: "Algorithm constraints check failed on keysize limits. RSA 1024bit key used with certificate: . Usage was tls server".

Based on this, I changed all disabledAlgorithms lines in “/etc/java/java-1.8.0-openjdk/java-1.8.0-openjdk-”, and I did not find such settings anywhere else, but it had no effect, so now I’m really stuck. Can anyone please help me find where these settings are for Graylog’s JVM? In /etc/sysconfig/graylog-server I did not find anything related.

If possible, I’d like to avoid changing the domain controller’s certificate.

Thank you

Hey @Tonkaize

Just a guess: the JVM settings of CentOS 8 might not allow such a weak key.

Check crypto-policies in CentOS 8 for java.

That solved the problem, thank you very much.
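Added example, not part of the thread or of Graylog: a small shell helper that reads a java.security-style file and reports whether its `disabledAlgorithms` lists would reject an RSA key of a given size, which is the check behind the "keysize limits" error quoted above. The function names and the sample file are constructed for illustration, and only the space-separated `RSA keySize < N` / `<= N` forms are parsed.

```shell
#!/bin/sh
# Added example (hypothetical helper names): find the RSA key-size floor
# that a java.security-style properties file imposes.

# Print the value of PROPERTY from FILE, joining backslash-continued lines.
get_prop() {  # usage: get_prop FILE PROPERTY
  awk -v key="$2" '
    /^[ \t]*#/ { next }
    {
      line = $0
      while (line ~ /\\[ \t]*$/ && (getline nxt) > 0) {
        sub(/\\[ \t]*$/, "", line); sub(/^[ \t]+/, "", nxt)
        line = line nxt
      }
      eq = index(line, "=")
      if (eq && substr(line, 1, eq - 1) == key) { print substr(line, eq + 1); exit }
    }' "$1"
}

# Print the smallest RSA key size PROPERTY still allows (0 = no RSA limit).
rsa_min_keysize() {  # usage: rsa_min_keysize FILE PROPERTY
  get_prop "$1" "$2" | tr ',' '\n' | awk '
    $1 == "RSA" && $2 == "keySize" && ($3 == "<" || $3 == "<=") {
      n = ($3 == "<") ? $4 + 0 : $4 + 1; print n; found = 1; exit }
    END { if (!found) print 0 }'
}

# Return 0 if neither constraint list rejects an RSA key of BITS bits.
rsa_key_allowed() {  # usage: rsa_key_allowed FILE BITS
  for rka_prop in jdk.certpath.disabledAlgorithms jdk.tls.disabledAlgorithms; do
    rka_min=$(rsa_min_keysize "$1" "$rka_prop")
    if [ "$2" -lt "$rka_min" ]; then
      echo "RSA $2 rejected by $rka_prop (minimum $rka_min)"; return 1
    fi
  done
  echo "RSA $2 allowed"
}

# Constructed sample input, not copied from a real host.
make_sample() {  # usage: make_sample FILE
  cat > "$1" <<'EOF'
# constructed sample
jdk.certpath.disabledAlgorithms=MD2, MD5, DSA, \
    RSA keySize < 2048
jdk.tls.disabledAlgorithms=DH keySize < 2048, SSLv3, RC4
EOF
}

if [ $# -eq 2 ]; then rsa_key_allowed "$1" "$2"; fi
```

On CentOS 8, `update-crypto-policies --show` prints the active system policy, and the Java settings it generates are normally in /etc/crypto-policies/back-ends/java.config (an assumption about the host's layout); pass that file and the key size as the two arguments.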
