I’ve created a CSR and sent it to our Enterprise team to generate and give me a domain certificate in order to secure our (local) graylog instance. The certificate came, I copied it to /etc/graylog/server/ and modified the server.conf file which looks like this:
is_master = true node_id_file = /etc/graylog/server/node-id password_secret = qJHQGEN5z01IHf2sY7MniWq6BndLfTfzOTZlT43qLa7Ca0u2zvgzGnrBW6v0vid0 root_username = admin root_password_sha2 = a0df6bddf0281d67cd401c70e6dc2570150217f66e73bdb64c8004076b7435ca root_timezone=Europe/Bucharest timezone="Europe/Bucharest" plugin_dir = /usr/share/graylog-server/plugin rest_listen_uri = http://log01.unit.corp:12900/ rest_enable_tls = true rest_tls_cert_file = /etc/graylog/server/log01.pem rest_tls_key_file = /etc/graylog/server/log01.key web_tls_key_file = /etc/graylog/server/log01.key web_enable_tls = true web_enable = true web_listen_uri = http://log01.unit.corp:9000/ web_tls_cert_file = /etc/graylog/server/log01.pem rotation_strategy = time elasticsearch_max_number_of_indices = 14 elasticsearch_max_time_per_index = 12h retention_strategy = delete elasticsearch_shards = 4 elasticsearch_replicas = 0 elasticsearch_index_prefix = graylog allow_leading_wildcard_searches = false allow_highlighting = false elasticsearch_cluster_name = clj-els elasticsearch_discovery_zen_ping_multicast_enabled = false elasticsearch_discovery_zen_ping_unicast_hosts = 127.0.0.1:9300 elasticsearch_analyzer = standard output_batch_size = 500 output_flush_interval = 1 output_fault_count_threshold = 5 output_fault_penalty_seconds = 30 processbuffer_processors = 5 outputbuffer_processors = 3 processor_wait_strategy = blocking ring_size = 65536 inputbuffer_ring_size = 65536 inputbuffer_processors = 2 inputbuffer_wait_strategy = blocking message_journal_enabled = true message_journal_dir = /var/lib/graylog-server/journal lb_recognition_period_seconds = 3 mongodb_uri = mongodb://localhost/graylog mongodb_max_connections = 1000 mongodb_threads_allowed_to_block_multiplier = 5 content_packs_dir = /usr/share/graylog-server/contentpacks content_packs_auto_load = grok-patterns.json
The CSR have been generated like this:
openssl req -new -sha256 -nodes -out ./log01.unit.corp.csr -newkey rsa:4096 -keyout ./log01.unit.corp.key -config csr_details.txt
After the graylog-server restart, the graylog is available and works on chrome, but it doesn’t work on firefox or IE.
The errors I get in Firefox is:
We are experiencing problems connecting to the Graylog server running on https://log01.unit.corp:12900/. Please verify that the server is healthy and working correctly. You will be automatically redirected to the previous page once we can connect to the server. This is the last response we received from the server: Error message Request has been terminated Possible causes: the network is offline, Origin is not allowed by Access-Control-Allow-Origin, the page is being unloaded, etc. Original Request GET https://log01.unit.corp:12900/system/sessions Status code undefined Full error message Error: Request has been terminated Possible causes: the network is offline, Origin is not allowed by Access-Control-Allow-Origin, the page is being unloaded, etc.
Any idea why?