Changed to New SSL Cert, Issues with Collector and Web Front End


#1

My SSL cert expired so I created a new one but kept the old name. Even after restarting the webserver I am having the below two issues:

  1. Web server front end is still using the old cert even though I made sure the new cert was placed in the same location that graylog.conf is pointing to, with the same name.
  2. I am able to connect my servers to collector-sidecar and receive logs with the new cert (I updated the JVM store). I can see my logs show up fine within the Graylog UI but I am still receiving the below errors.

time="2019-01-10T19:44:02-05:00" level=info msg="Stopping signal distributor"
time="2019-01-10T19:44:02-05:00" level=info msg="[filebeat] Stopping"
time="2019-01-10T19:44:02-05:00" level=info msg="[winlogbeat] Stopping"
time="2019-01-10T19:45:13-05:00" level=info msg="Starting signal distributor"
time="2019-01-10T19:45:13-05:00" level=info msg="[filebeat] Starting (exec driver)"
time="2019-01-10T19:45:13-05:00" level=info msg="[winlogbeat] Starting (exec driver)"
time="2019-01-10T19:45:23-05:00" level=info msg="[winlogbeat] Configuration change detected, rewriting configuration file."
time="2019-01-10T19:45:26-05:00" level=info msg="[winlogbeat] Stopping"
time="2019-01-10T19:45:26-05:00" level=info msg="[filebeat] Configuration change detected, rewriting configuration file."
time="2019-01-10T19:45:27-05:00" level=info msg="[filebeat] Stopping"
time="2019-01-10T19:45:29-05:00" level=info msg="[winlogbeat] Starting (exec driver)"
time="2019-01-10T19:45:30-05:00" level=info msg="[filebeat] Starting (exec driver)"
time="2019-01-11T01:03:56-05:00" level=error msg="[RequestConfiguration] Fetching configuration failed: Get https://mcs-graylog:9000/api/plugins/org.graylog.plugins.collector/68641001-530f-494b-88f9-6800eecdb3e7?tags=["windows"%2C"tacacs"%2C"windows+AD"]: net/http: TLS handshake timeout"
time="2019-01-11T01:04:16-05:00" level=error msg="[RequestConfiguration] Fetching configuration failed: Get https://mcs-graylog:9000/api/plugins/org.graylog.plugins.collector/68641001-530f-494b-88f9-6800eecdb3e7?tags=["windows"%2C"tacacs"%2C"windows+AD"]: net/http: TLS handshake timeout"
time="2019-01-11T01:04:27-05:00" level=error msg="[UpdateRegistration] Failed to report collector status to server: Put https://mcs-graylog:9000/api/plugins/org.graylog.plugins.collector/collectors/68641001-530f-494b-88f9-6800eecdb3e7: EOF"
time="2019-01-11T01:04:36-05:00" level=error msg="[RequestConfiguration] Fetching configuration failed: Get https://mcs-graylog:9000/api/plugins/org.graylog.plugins.collector/68641001-530f-494b-88f9-6800eecdb3e7?tags=["windows"%2C"tacacs"%2C"windows+AD"]: net/http: TLS handshake timeout"
time="2019-01-11T01:04:47-05:00" level=error msg="[UpdateRegistration] Failed to report collector status to server: Put https://mcs-graylog:9000/api/plugins/org.graylog.plugins.collector/collectors/68641001-530f-494b-88f9-6800eecdb3e7: net/http: TLS handshake timeout"
time="2019-01-11T01:04:56-05:00" level=error msg="[RequestConfiguration] Fetching configuration failed: Get https://mcs-graylog:9000/api/plugins/org.graylog.plugins.collector/68641001-530f-494b-88f9-6800eecdb3e7?tags=["windows"%2C"tacacs"%2C"windows+AD"]: net/http: TLS handshake timeout"
time="2019-01-11T01:05:07-05:00" level=error msg="[UpdateRegistration] Failed to report collector status to server: Put https://mcs-graylog:9000/api/plugins/org.graylog.plugins.collector/collectors/68641001-530f-494b-88f9-6800eecdb3e7: net/http: TLS handshake timeout"
time="2019-01-11T01:05:16-05:00" level=error msg="[RequestConfiguration] Fetching configuration failed: Get https://mcs-graylog:9000/api/plugins/org.graylog.plugins.collector/68641001-530f-494b-88f9-6800eecdb3e7?tags=["windows"%2C"tacacs"%2C"windows+AD"]: net/http: TLS handshake timeout"
time="2019-01-11T01:05:27-05:00" level=error msg="[UpdateRegistration] Failed to report collector status to server: Put https://mcs-graylog:9000/api/plugins/org.graylog.plugins.collector/collectors/68641001-530f-494b-88f9-6800eecdb3e7: net/http: TLS handshake timeout"
time="2019-01-11T01:05:36-05:00" level=error msg="[RequestConfiguration] Fetching configuration failed: Get https://mcs-graylog:9000/api/plugins/org.graylog.plugins.collector/68641001-530f-494b-88f9-6800eecdb3e7?tags=["windows"%2C"tacacs"%2C"windows+AD"]: net/http: TLS handshake timeout"
time="2019-01-11T01:05:47-05:00" level=error msg="[UpdateRegistration] Failed to report collector status to server: Put https://mcs-graylog:9000/api/plugins/org.graylog.plugins.collector/collectors/68641001-530f-494b-88f9-6800eecdb3e7: net/http: TLS handshake timeout"
time="2019-01-11T01:05:56-05:00" level=error msg="[RequestConfiguration] Fetching configuration failed: Get https://mcs-graylog:9000/api/plugins/org.graylog.plugins.collector/68641001-530f-494b-88f9-6800eecdb3e7?tags=["windows"%2C"tacacs"%2C"windows+AD"]: net/http: TLS handshake timeout"
time="2019-01-11T01:06:07-05:00" level=error msg="[UpdateRegistration] Failed to report collector status to server: Put https://mcs-graylog:9000/api/plugins/org.graylog.plugins.collector/collectors/68641001-530f-494b-88f9-6800eecdb3e7: net/http: TLS handshake timeout"
time="2019-01-11T01:06:16-05:00" level=error msg="[RequestConfiguration] Fetching configuration failed: Get https://mcs-graylog:9000/api/plugins/org.graylog.plugins.collector/68641001-530f-494b-88f9-6800eecdb3e7?tags=["windows"%2C"tacacs"%2C"windows+AD"]: net/http: TLS handshake timeout"

I have already looked at this document. http://docs.graylog.org/en/2.5/pages/configuration/https.html

Anybody ever change out their cert before? If so, what did you have to change to get everything working as it was?


(Jan Doberstein) #2

I change the cert regularly, but I have my internal CA.

Do you have that in your environment too? If not, all clients need to trust the certificate. In addition, did you try to restart the failing clients?


#3

Yes, I import all the certificates to the servers.

I already had a previous cert that was working fine on my clients. I just decided to change it out and I reimported the new cert. That definitely did something, because before, the client log was complaining that it couldn't connect due to the expired SSL cert and it would not generate the xml file. Now it connects and generates the xml file with the configuration, but I am still seeing the above log lines, which is baffling to me.

All my certs are self-signed… In order to connect the client I changed the skip-verify entry in the configuration xml to true. That works, but I still get the log lines above with errors.
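
A check for the two symptoms discussed in this thread, as an added example that is not part of any post above and not Graylog code: it compares the SHA-256 fingerprint of the cert file on disk, the cert the listener actually presents, and the cert imported on a client. It assumes self-signed certs, as in the thread, so the client must hold the exact cert that is served; the function names, the `fake_pem` samples and the command-line arguments are hypothetical.

```python
import base64
import hashlib
import socket
import ssl
import sys

BEGIN, END = "-----BEGIN CERTIFICATE-----", "-----END CERTIFICATE-----"

def pem_fingerprint(pem_text):
    """SHA-256 of the first certificate in a PEM string (the leaf in a chain file)."""
    start = pem_text.index(BEGIN)          # raises ValueError if no certificate block
    stop = pem_text.index(END, start) + len(END)
    der = ssl.PEM_cert_to_DER_cert(pem_text[start:stop])
    return hashlib.sha256(der).hexdigest()

def served_fingerprint(host, port, timeout=10.0):
    """SHA-256 of the certificate the listener presents during the handshake."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False             # inspection only: fetch the cert even if it
    ctx.verify_mode = ssl.CERT_NONE        # is self-signed or expired; nothing is sent
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return hashlib.sha256(tls.getpeercert(binary_form=True)).hexdigest()

def diagnose(disk_fp, served_fp, client_fp):
    """Return findings; an empty list means all three views agree."""
    findings = []
    if served_fp != disk_fp:
        findings.append("listener serves a different cert than the file on disk")
    if client_fp != served_fp:
        findings.append("client trusts a different cert than the one served")
    return findings

def fake_pem(payload):
    """Constructed stand-in: PEM armor around arbitrary bytes, not a real X.509 cert."""
    return BEGIN + "\n" + base64.encodebytes(payload).decode("ascii") + END + "\n"

OLD_PEM = fake_pem(b"constructed-old-cert")   # constructed sample data
NEW_PEM = fake_pem(b"constructed-new-cert")   # constructed sample data

if __name__ == "__main__" and len(sys.argv) == 5:
    # Hypothetical usage: check.py <host> <port> <server-cert.pem> <client-copy.pem>
    host, port, disk_path, client_path = sys.argv[1:5]
    with open(disk_path) as d, open(client_path) as c:
        disk_fp, client_fp = pem_fingerprint(d.read()), pem_fingerprint(c.read())
    for line in diagnose(disk_fp, served_fingerprint(host, int(port)), client_fp) or ["all match"]:
        print(line)
```

A mismatch between disk and listener points at the server process (wrong path, stale process, or another listener); a mismatch between listener and client points at the client's trust store.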

