I’m setting this up with Ansible → packages are up to date.
Here is the keystore contents:
graylog.p12
keytool -list -v -keystore /etc/graylog/certs/graylog.p12 -storetype PKCS12
Enter keystore password:
Keystore type: PKCS12
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: graylog
Creation date: Feb 25, 2025
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=<GRAYLOG.FQDN>, O=Us, L=somewhere, C=US
Issuer: CN=<GRAYLOG.FQDN>, O=Us, L=somewhere, C=US
Serial number: <REDACTED>
Valid from: Sun Feb 23 16:57:55 CET 2025 until: Thu Feb 22 16:57:55 CET 2035
Certificate fingerprints:
SHA1: <REDACTED> SHA256: <REDACTED>
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 4096-bit RSA key
Version: 3
Extensions:
#1: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen: no limit
]
#2: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
]
#3: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
DNSName: graylog.backend
IPAddress: 172.28.14.4
]
#4: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: <REDACTED>
0010: <REDACTED>
]
]
*******************************************
*******************************************