Collector sidecar cross domain self signed cert ignore

(Matt) #1

Securing graylog using haproxy to do the ssl termination instead of graylog itself using a self signed cert for our local domain. All working well except we also have another domain that isn’t related pushing logs and sidecar configs to the instance in the “trusted” domain. Collector sidecar in the secondary domain is understandably throwing an error trying to communticate with graylog’s now secure API.

Error as follows.
Fetching configuration failed.  HTTPS://(API URL) certificate signed by unknown authority

Is there a way to instruct sidecar to ignore this and continue, or am I stuck creating another self signed cert for that secondary domain?

(Jan Doberstein) #2

if the Server can’t verify the CA and you are not able to add the CA to the Servers trust store, you might want to set in your collector_sidecar.yml the following:

tls_skip_verify: true

(Matt) #3

Uggh. I actually did try that first go around. Didn’t look like it was working because i had forgotton to cycle the service. It is working now that I restarted sidecar. Just a case of the noobs over here. Don’t mind me. Thank you for the reply Jan. The tls_skip works just fine.

(system) closed #4

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.