Changed to New SSL Cert, Issues with Collector and Web Front End

martineznet · January 14, 2019, 6:07pm

My SSL cert expired so I created a new one but kept the old name. Even after restarting the webserver I am having the below two issues:

Web server front end still using old cert even though I made sure to make sure the new cert was placed in the same location that graylog.conf is pointing to with the same name.
I am able to connect my servers to collector-sidecar and receive logs with the new cert (I updated the JVM store). I can see my logs show up fine within the Graylog UI but I am still receiving the below errors.

time=“2019-01-10T19:44:02-05:00” level=info msg=“Stopping signal distributor”
time=“2019-01-10T19:44:02-05:00” level=info msg="[filebeat] Stopping"
time=“2019-01-10T19:44:02-05:00” level=info msg="[winlogbeat] Stopping"
time=“2019-01-10T19:45:13-05:00” level=info msg=“Starting signal distributor”
time=“2019-01-10T19:45:13-05:00” level=info msg="[filebeat] Starting (exec driver)"
time=“2019-01-10T19:45:13-05:00” level=info msg="[winlogbeat] Starting (exec driver)"
time=“2019-01-10T19:45:23-05:00” level=info msg="[winlogbeat] Configuration change detected, rewriting configuration file."
time=“2019-01-10T19:45:26-05:00” level=info msg="[winlogbeat] Stopping"
time=“2019-01-10T19:45:26-05:00” level=info msg="[filebeat] Configuration change detected, rewriting configuration file."
time=“2019-01-10T19:45:27-05:00” level=info msg="[filebeat] Stopping"
time=“2019-01-10T19:45:29-05:00” level=info msg="[winlogbeat] Starting (exec driver)"
time=“2019-01-10T19:45:30-05:00” level=info msg="[filebeat] Starting (exec driver)"
time=“2019-01-11T01:03:56-05:00” level=error msg="[RequestConfiguration] Fetching configuration failed: Get https://mcs-graylog:9000/api/plugins/org.graylog.plugins.collector/68641001-530f-494b-88f9-6800eecdb3e7?tags=[“windows”%2C"tacacs"%2C"windows+AD"]: net/http: TLS handshake timeout"
time=“2019-01-11T01:04:16-05:00” level=error msg="[RequestConfiguration] Fetching configuration failed: Get https://mcs-graylog:9000/api/plugins/org.graylog.plugins.collector/68641001-530f-494b-88f9-6800eecdb3e7?tags=[“windows”%2C"tacacs"%2C"windows+AD"]: net/http: TLS handshake timeout"
time=“2019-01-11T01:04:27-05:00” level=error msg="[UpdateRegistration] Failed to report collector status to server: Put https://mcs-graylog:9000/api/plugins/org.graylog.plugins.collector/collectors/68641001-530f-494b-88f9-6800eecdb3e7: EOF"
time=“2019-01-11T01:04:36-05:00” level=error msg="[RequestConfiguration] Fetching configuration failed: Get https://mcs-graylog:9000/api/plugins/org.graylog.plugins.collector/68641001-530f-494b-88f9-6800eecdb3e7?tags=[“windows”%2C"tacacs"%2C"windows+AD"]: net/http: TLS handshake timeout"
time=“2019-01-11T01:04:47-05:00” level=error msg="[UpdateRegistration] Failed to report collector status to server: Put https://mcs-graylog:9000/api/plugins/org.graylog.plugins.collector/collectors/68641001-530f-494b-88f9-6800eecdb3e7: net/http: TLS handshake timeout"
time=“2019-01-11T01:04:56-05:00” level=error msg="[RequestConfiguration] Fetching configuration failed: Get https://mcs-graylog:9000/api/plugins/org.graylog.plugins.collector/68641001-530f-494b-88f9-6800eecdb3e7?tags=[“windows”%2C"tacacs"%2C"windows+AD"]: net/http: TLS handshake timeout"
time=“2019-01-11T01:05:07-05:00” level=error msg="[UpdateRegistration] Failed to report collector status to server: Put https://mcs-graylog:9000/api/plugins/org.graylog.plugins.collector/collectors/68641001-530f-494b-88f9-6800eecdb3e7: net/http: TLS handshake timeout"
time=“2019-01-11T01:05:16-05:00” level=error msg="[RequestConfiguration] Fetching configuration failed: Get https://mcs-graylog:9000/api/plugins/org.graylog.plugins.collector/68641001-530f-494b-88f9-6800eecdb3e7?tags=[“windows”%2C"tacacs"%2C"windows+AD"]: net/http: TLS handshake timeout"
time=“2019-01-11T01:05:27-05:00” level=error msg="[UpdateRegistration] Failed to report collector status to server: Put https://mcs-graylog:9000/api/plugins/org.graylog.plugins.collector/collectors/68641001-530f-494b-88f9-6800eecdb3e7: net/http: TLS handshake timeout"
time=“2019-01-11T01:05:36-05:00” level=error msg="[RequestConfiguration] Fetching configuration failed: Get https://mcs-graylog:9000/api/plugins/org.graylog.plugins.collector/68641001-530f-494b-88f9-6800eecdb3e7?tags=[“windows”%2C"tacacs"%2C"windows+AD"]: net/http: TLS handshake timeout"
time=“2019-01-11T01:05:47-05:00” level=error msg="[UpdateRegistration] Failed to report collector status to server: Put https://mcs-graylog:9000/api/plugins/org.graylog.plugins.collector/collectors/68641001-530f-494b-88f9-6800eecdb3e7: net/http: TLS handshake timeout"
time=“2019-01-11T01:05:56-05:00” level=error msg="[RequestConfiguration] Fetching configuration failed: Get https://mcs-graylog:9000/api/plugins/org.graylog.plugins.collector/68641001-530f-494b-88f9-6800eecdb3e7?tags=[“windows”%2C"tacacs"%2C"windows+AD"]: net/http: TLS handshake timeout"
time=“2019-01-11T01:06:07-05:00” level=error msg="[UpdateRegistration] Failed to report collector status to server: Put https://mcs-graylog:9000/api/plugins/org.graylog.plugins.collector/collectors/68641001-530f-494b-88f9-6800eecdb3e7: net/http: TLS handshake timeout"
time=“2019-01-11T01:06:16-05:00” level=error msg="[RequestConfiguration] Fetching configuration failed: Get https://mcs-graylog:9000/api/plugins/org.graylog.plugins.collector/68641001-530f-494b-88f9-6800eecdb3e7?tags=[“windows”%2C"tacacs"%2C"windows+AD"]: net/http: TLS handshake timeout"

I have already looked at this document. http://docs.graylog.org/en/2.5/pages/configuration/https.html

Anybody ever change out their cert before? If so, what did you have to change to get everything working as it was?

jan · January 14, 2019, 6:59pm

I change the cert regular, but I have my internal CA.

Do you have that in your environment too? if you not all clients need to trust the certificate. In addition did you try to restart the failing clients?

martineznet · January 14, 2019, 7:34pm

Yes, I import all the certificates to the servers.

I have already had a previous cert that was working fine on my clients. I just decided to change it out and I reimported the new cert in. That definitely did something because before the client log was complaining about it couldn’t connect due to expired ssl cert and it would not generate the xml file. Now it connects and generates the xml file with the configuration but I am still seeing the above log lines which is baffling to me.

All my certs are self-signed… In order to connect the client I changed the skip-verify entry in the configuration xml to true. That works but still the log lines above with errors.

system · January 28, 2019, 7:34pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Collector_sidecar failed to send data to Graylog application Graylog Central (peer support) sidecar , nxlog , filebeat-linux , nodatanx , send-csv-logsnx , nosendlogfblx	9	3658	December 28, 2017
SSL issues with beats input Graylog Central (peer support) sidecar , winlogbeat	3	1927	September 30, 2020
Winlogbeats andTLS/SSL Confusion Graylog Central (peer support) sidecar , winlogbeat	3	1159	June 4, 2021
Certificate based client authentication not working in graylog Graylog Central (peer support) sidecar , nxlog , filebeat-windows , winlogbeat , nodatanx	4	2101	March 1, 2018
Sidecars won't work after setting up https Graylog Central (peer support) sidecar , winlogbeat	4	1110	July 21, 2021

Changed to New SSL Cert, Issues with Collector and Web Front End

Related topics