1. Describe your incident:
Hello, we changed our Graylog version from Graylog Open 4.2 to Graylog Enterprise 4.2.1-1-jre11.
When we try to access Enterprise/Archiving, we get this error:
Could not retrieve the archive catalog
Fetching archive catalog failed: Hostname 172.20.0.4 not verified: certificate: sha256/K8om+DtaW8ymAuVnUoU7g7lSNY1mpCgI06ybNHqeu1I= DN: EMAILADDRESS=exploitation_dsi@trapil.com, CN=graylog.si.trapil.intra, OU=DSI, O=TRAPIL, L=PARIS, ST=PARIS, C=FR subjectAltNames: [graylog.si.trapil.intra]
The HTTPS certificate is added to the Java keystore with the keytool command in the Graylog Docker image and the Elasticsearch Docker image.
2. Describe your environment:
- OS Information:
Red Hat Enterprise Linux 8.4 (Ootpa)
With docker
- Package Version:
Mongo : mongo:4.2
Elasticsearch : docker.elastic.co/elasticsearch/elasticsearch-oss:7.10.2
Graylog : graylog/graylog-enterprise:4.2.1-1-jre11
- Service logs, configurations, and environment variables:
Here is the error in the docker-compose logs:
graylog_1 | certificate: sha256/K8om+DtaW8ymAuVnUoU7g7lSNY1mpCgI06ybNHqeu1I=
graylog_1 | DN: EMAILADDRESS=exploitation_dsi@trapil.com, CN=graylog.si.trapil.intra, OU=DSI, O=TRAPIL, L=PARIS, ST=PARIS, C=FR
graylog_1 | subjectAltNames: [graylog.si.trapil.intra]
graylog_1 | 2021-11-23 18:35:45,459 WARN : org.graylog2.shared.rest.resources.ProxiedResource - Unable to call https://172.20.0.4:9000/api/system/metrics/multiple on node <ba97fc3f-97fa-4b52-b3c2-f3bccb5d446c>: Hostname 172.20.0.4 not verified:
3. What steps have you already taken to try and solve the problem?
I tried to add the full certificate chain to the Java keystore, but the error is still there:
keytool -importcert -keystore /DATA/APP/docker/volumes/graylog_graylog_jdk_security/_data/cacerts -storepass changeit -alias graylog.si.trapil.intra -file /DATA/APP/docker/volumes/graylog_graylog_config/_data/graylog.si.trapil.intra.pem
keytool -importcert -keystore /DATA/APP/docker/volumes/graylog_graylog_jdk_security/_data/cacerts -storepass changeit -alias trapil-root-ca -file /DATA/APP/docker/volumes/graylog_graylog_config/_data/trapil-root-ca.pem
keytool -importcert -keystore /DATA/APP/docker/volumes/graylog_es_jdk_security/_data/cacerts -storepass changeit -alias graylog.si.trapil.intra -file /DATA/APP/docker/volumes/graylog_graylog_config/_data/graylog.si.trapil.intra.pem
keytool -importcert -keystore /DATA/APP/docker/volumes/graylog_es_jdk_security/_data/cacerts -storepass changeit -alias trapil-root-ca -file /DATA/APP/docker/volumes/graylog_graylog_config/_data/trapil-root-ca.pem
4. How can the community help?
Please help me to fix this error.
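
The error quoted above comes from hostname verification, which compares the address the client connected to (172.20.0.4) with the certificate's subjectAltNames and is a separate check from trust-chain validation against the keystore. As an added example (not part of the original post and not Graylog's own code), this Python script parses a message in the format shown and applies the usual matching rules, also showing the result if the IP were listed as a SAN. The names `parse_error`, `san_covers`, `diagnose` and `extra_sans` are hypothetical, and the error string is abbreviated from the post.

```python
import ipaddress
import re

# Abbreviated from the error in the post; only the host and SAN list are used.
POST_ERROR = ("Hostname 172.20.0.4 not verified: certificate: sha256/... "
              "DN: CN=graylog.si.trapil.intra "
              "subjectAltNames: [graylog.si.trapil.intra]")

def parse_error(msg):
    """Return (host, [SAN, ...]) from a 'Hostname X not verified' message."""
    host = re.search(r"Hostname (\S+) not verified", msg)
    sans = re.search(r"subjectAltNames: \[([^\]]*)\]", msg)
    if not host or not sans:
        raise ValueError("not a hostname-verification error")
    names = [s.strip() for s in sans.group(1).split(",") if s.strip()]
    return host.group(1), names

def as_ip(value):
    """Parse an IPv4/IPv6 literal, or return None for a DNS name."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None

def san_covers(host, san):
    """IP hosts need an equal IP SAN. DNS hosts need an equal DNS SAN, where
    '*' may replace the whole leftmost label only (simplified wildcard rule)."""
    host_ip, san_ip = as_ip(host), as_ip(san)
    if host_ip is not None or san_ip is not None:
        return host_ip is not None and host_ip == san_ip
    h = host.lower().rstrip(".").split(".")
    s = san.lower().rstrip(".").split(".")
    if len(h) != len(s):
        return False
    return (s[0] == "*" or s[0] == h[0]) and h[1:] == s[1:]

def diagnose(msg, extra_sans=()):
    """Report whether the connected host is covered by the listed SANs.
    extra_sans models a reissued certificate with additional entries."""
    host, sans = parse_error(msg)
    sans = sans + list(extra_sans)
    return {"host": host, "host_is_ip": as_ip(host) is not None,
            "sans": sans, "covered": any(san_covers(host, s) for s in sans)}

if __name__ == "__main__":
    print(diagnose(POST_ERROR))                             # as in the post
    print(diagnose(POST_ERROR, extra_sans=["172.20.0.4"]))  # IP added as a SAN
```
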