Hi all.
I’ve created a CSR and sent it to our Enterprise team to generate and give me a domain certificate in order to secure our (local) graylog instance. The certificate came, I copied it to /etc/graylog/server/ and modified the server.conf file which looks like this:
is_master = true
node_id_file = /etc/graylog/server/node-id
password_secret = qJHQGEN5z01IHf2sY7MniWq6BndLfTfzOTZlT43qLa7Ca0u2zvgzGnrBW6v0vid0
root_username = admin
root_password_sha2 = a0df6bddf0281d67cd401c70e6dc2570150217f66e73bdb64c8004076b7435ca
root_timezone=Europe/Bucharest
timezone="Europe/Bucharest"
plugin_dir = /usr/share/graylog-server/plugin
rest_listen_uri = http://log01.unit.corp:12900/
rest_enable_tls = true
rest_tls_cert_file = /etc/graylog/server/log01.pem
rest_tls_key_file = /etc/graylog/server/log01.key
web_tls_key_file = /etc/graylog/server/log01.key
web_enable_tls = true
web_enable = true
web_listen_uri = http://log01.unit.corp:9000/
web_tls_cert_file = /etc/graylog/server/log01.pem
rotation_strategy = time
elasticsearch_max_number_of_indices = 14
elasticsearch_max_time_per_index = 12h
retention_strategy = delete
elasticsearch_shards = 4
elasticsearch_replicas = 0
elasticsearch_index_prefix = graylog
allow_leading_wildcard_searches = false
allow_highlighting = false
elasticsearch_cluster_name = clj-els
elasticsearch_discovery_zen_ping_multicast_enabled = false
elasticsearch_discovery_zen_ping_unicast_hosts = 127.0.0.1:9300
elasticsearch_analyzer = standard
output_batch_size = 500
output_flush_interval = 1
output_fault_count_threshold = 5
output_fault_penalty_seconds = 30
processbuffer_processors = 5
outputbuffer_processors = 3
processor_wait_strategy = blocking
ring_size = 65536
inputbuffer_ring_size = 65536
inputbuffer_processors = 2
inputbuffer_wait_strategy = blocking
message_journal_enabled = true
message_journal_dir = /var/lib/graylog-server/journal
lb_recognition_period_seconds = 3
mongodb_uri = mongodb://localhost/graylog
mongodb_max_connections = 1000
mongodb_threads_allowed_to_block_multiplier = 5
content_packs_dir = /usr/share/graylog-server/contentpacks
content_packs_auto_load = grok-patterns.json
The CSR have been generated like this:
openssl req -new -sha256 -nodes -out ./log01.unit.corp.csr -newkey rsa:4096 -keyout ./log01.unit.corp.key -config csr_details.txt
After the graylog-server restart, the graylog is available and works on chrome, but it doesn’t work on firefox or IE.
The errors I get in Firefox is:
We are experiencing problems connecting to the Graylog server running on https://log01.unit.corp:12900/. Please verify that the server is healthy and working correctly.
You will be automatically redirected to the previous page once we can connect to the server.
This is the last response we received from the server:
Error message
Request has been terminated
Possible causes: the network is offline, Origin is not allowed by Access-Control-Allow-Origin, the page is being unloaded, etc.
Original Request
GET https://log01.unit.corp:12900/system/sessions
Status code
undefined
Full error message
Error: Request has been terminated
Possible causes: the network is offline, Origin is not allowed by Access-Control-Allow-Origin, the page is being unloaded, etc.
Any idea why?
Thank you!
Gabriel
