I want to connect my McAfee ePO Server with Graylog. As far as I know, the ePO only communicates via TLS. So I have created the key and cert files, set my Graylog input to TLS enabled and all that stuff, but I still can’t get a test connection between ePO and Graylog.
So I tried sending test syslog messages from the syslog server to its syslog port with TLS enabled, but these messages won’t get through either.
When I enable rest-tls and web-tls I can’t connect to the web interface; the proxy blocks it.
I only get the following error message in the Graylog log file:
# Enable HTTPS support for the REST API. This secures the communication with the REST API with
# TLS to prevent request forgery and eavesdropping. This is disabled by default. Uncomment the
# next line to enable it.
#rest_enable_tls = true
# The X.509 certificate chain file in PEM format to use for securing the REST API.
#rest_tls_cert_file = /etc/graylog/server/certificate/cert.pem
# The PKCS#8 private key file in PEM format to use for securing the REST API.
#rest_tls_key_file = /etc/graylog/server/certificate/pkcs8-encrypted.pem
# The password to unlock the private key used for securing the REST API.
#rest_tls_key_password = "deletet"
# Enable HTTPS support for the web interface. This secures the communication of the web browser with the web interface
# using TLS to prevent request forgery and eavesdropping.
# This is disabled by default. Uncomment the next line to enable it and see the other related configuration settings.
#web_enable_tls = true
# The X.509 certificate chain file in PEM format to use for securing the web interface.
#web_tls_cert_file = /etc/graylog/server/certificate/cert.pem
# The PKCS#8 private key file in PEM format to use for securing the web interface.
#web_tls_key_file = /etc/graylog/server/certificate/pkcs8-encrypted.pem
# The password to unlock the private key used for securing the web interface.
#web_tls_key_password = "deletet"
I’ve tried to create new keys like in “Converting an existing Java Keystore to private key/certificate pair”.
Test connections here seem to load a little bit longer until the error message comes up, but now it says “Short read of DER length”.
I just tried to do all the steps mentioned in the documentation; I barely knew which steps I would need, so I tried all of them, figuring out which cert and key must be used…
I’m sorry to say this, but TLS (or SSL) isn’t for the faint of heart.
Please read the OpenSSL documentation (or whatever program you’re using to create the private key and certificates) to find out what each command is doing in detail and then decide what you need to do.
The Graylog documentation tries to be as concise and “copy & paste” friendly as possible in this regard and doesn’t cover all important details.
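For the key-format question in this thread, a small checker, added here as an example and not part of any post or of Graylog's own code: it reports whether each PEM block is a PKCS#8 key, as the configuration comments above ask for, and whether the outer DER length field matches the decoded bytes. The function names and the sample bytes are constructed for illustration.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

# PEM label -> (format, fits a setting documented as "PKCS#8 private key file in PEM format")
LABELS = {
    "PRIVATE KEY": ("PKCS#8, unencrypted", True),
    "ENCRYPTED PRIVATE KEY": ("PKCS#8, password-protected", True),
    "RSA PRIVATE KEY": ("PKCS#1 (traditional RSA)", False),
    "EC PRIVATE KEY": ("SEC1 (traditional EC)", False),
    "CERTIFICATE": ("X.509 certificate", False),
}

def der_length_ok(der):
    """True if the outer DER SEQUENCE length field matches the bytes present."""
    if len(der) < 2 or der[0] != 0x30:       # 0x30 = SEQUENCE tag
        return False
    first = der[1]
    if first < 0x80:                         # short form: length in one byte
        hdr, length = 2, first
    else:                                    # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or len(der) < 2 + n:
            return False
        hdr, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return hdr + length == len(der)

def inspect_pem(text):
    """Return (label, format, is_pkcs8_key, der_intact) for each PEM block."""
    out = []
    for label, body in PEM_RE.findall(text):
        # Drop "Proc-Type:"/"DEK-Info:" header lines of traditional encrypted keys;
        # their body is ciphertext, so der_intact is not meaningful for them.
        b64 = "".join(l.strip() for l in body.splitlines() if ":" not in l)
        try:
            der = base64.b64decode(b64, validate=True)
        except ValueError:                   # invalid base64 (binascii.Error)
            der = b""
        fmt, is_pkcs8 = LABELS.get(label, ("unknown", False))
        out.append((label, fmt, is_pkcs8, der_length_ok(der)))
    return out

def make_pem(label, der):
    """Build a constructed PEM block for testing (not a real key)."""
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

if __name__ == "__main__":
    sample = bytes([0x30, 0x03, 0x02, 0x01, 0x00])   # constructed: SEQUENCE { INTEGER 0 }
    print(inspect_pem(make_pem("RSA PRIVATE KEY", sample) + make_pem("PRIVATE KEY", sample[:4])))
```

To check real files, pass their contents to `inspect_pem`, for example `inspect_pem(open(path).read())` for the certificate and key paths set in the server configuration.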