Certificate Expired - Need a quick fix

We have an old Graylog machine (v2.3) on which our certificate has expired. The server is still running, collecting logs, sending alerts. We just can’t access it. It’s running in a small environment.

I have had limited exposure to this system and I’m not ready to dig into certificates today - I just urgently need to get back in via the browser. Could anyone point me in the right direction on how I would just quickly remove the certs and regain access with HTTP instead of HTTPS? I suspect it has to be done on multiple levels - i.e. Java has its own cert?

Thanks in advance

Hello,

If you have a reverse proxy (nginx, Apache, etc.), you either need to reconfigure it or turn it off. This would depend on your environment.

Below is an example of the Graylog 2.3 configuration file I used to connect using my IP address. Your main concern is the following lines, unless you have encryption for your MongoDB or Elasticsearch.

rest_listen_uri = http://ipaddress:9000/api/
rest_transport_uri = http://ipaddress:9000/api/
web_listen_uri = http://ipaddress:9000/

This is an example of what it should look like.

Graylog_2.3_server.conf
[root@graylog tmp]# grep -v "^#\|^$" server.conf
is_master = true
node_id_file = /etc/graylog/server/node-id
password_secret = FxwOFsKdr3D2fDEmFRqqbgn1vCwuMB6pf21EWD3KGJ8PUFhJKV0oYLrE1LyINLsOhQB7DhkUDDMNtAwHLsoCoRWfXVW8YA0S
root_password_sha2 = 89e01536ac207279409d4de1e5253e01f4a1769e696db0d6062ca9b8f56767c8
plugin_dir = /usr/share/graylog-server/plugin
rest_listen_uri = http://ipaddress:9000/api/
rest_transport_uri = http://ipaddress:9000/api/
web_listen_uri = http://ipaddress:9000/
rotation_strategy = count
elasticsearch_max_docs_per_index = 20000000
elasticsearch_max_number_of_indices = 20
retention_strategy = delete
elasticsearch_shards = 4
elasticsearch_replicas = 0
elasticsearch_index_prefix = graylog
allow_leading_wildcard_searches = false
allow_highlighting = false
elasticsearch_network_host = ipaddress
elasticsearch_analyzer = standard
outputbuffer_processors.
output_flush_interval = 1
output_fault_count_threshold = 5
output_fault_penalty_seconds = 30
processbuffer_processors = 5
outputbuffer_processors = 3
processor_wait_strategy = blocking
ring_size = 65536
inputbuffer_ring_size = 65536
inputbuffer_processors = 2
inputbuffer_wait_strategy = blocking
message_journal_enabled = true
message_journal_dir = /var/lib/graylog-server/journal
lb_recognition_period_seconds = 3
mongodb_uri = mongodb://localhost/graylog
mongodb_max_connections = 1000
mongodb_threads_allowed_to_block_multiplier = 5
content_packs_dir = /usr/share/graylog-server/contentpacks
content_packs_auto_load = grok-patterns.json
proxied_requests_thread_pool_size = 32

This was my URL

http://ipaddress:9000

Don’t forget to restart the Graylog server service after commenting out your TLS lines in the GL configuration file.

Hope that helps
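An added example, not part of the original posts and not Graylog's own code: a small check to run over `server.conf` before the restart, listing active lines that would still make the server serve or advertise HTTPS. The names `rest_enable_tls`, `web_enable_tls` and `web_endpoint_uri` are Graylog 2.x options that do not appear in the post, and the sample configuration is constructed.

```python
from urllib.parse import urlsplit

# URI settings from the post, plus web_endpoint_uri (Graylog 2.x option, not in the post).
URI_KEYS = ("rest_listen_uri", "rest_transport_uri", "web_listen_uri", "web_endpoint_uri")
# Graylog 2.x TLS switches (not in the post); these are the "TLS lines" to comment out.
TLS_SWITCHES = ("rest_enable_tls", "web_enable_tls")


def parse_conf(text):
    """Return active 'key = value' settings; comments and malformed lines are skipped."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        # Assumption of this example: if a key repeats, the later line is kept.
        conf[key.strip()] = value.strip()
    return conf


def audit(text):
    """List active settings that still point at HTTPS or keep TLS switched on."""
    conf = parse_conf(text)
    findings = []
    for key in URI_KEYS:
        if key in conf and urlsplit(conf[key]).scheme.lower() != "http":
            findings.append(f"{key} = {conf[key]} (scheme is not http)")
    for key in TLS_SWITCHES:
        if conf.get(key, "false").lower() == "true":
            findings.append(f"{key} = true (TLS still enabled)")
    return findings


# Constructed sample: a half-finished edit, not a real configuration.
SAMPLE = """\
# web_enable_tls = true
rest_listen_uri = https://192.0.2.10:9000/api/
rest_transport_uri = http://192.0.2.10:9000/api/
web_listen_uri = http://192.0.2.10:9000/
rest_enable_tls = true
outputbuffer_processors.
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FIX:", finding)
```

An empty result means the three URI lines and the TLS switches agree on plain HTTP; it says nothing about a reverse proxy in front of Graylog, which has its own configuration.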
