File does not contain valid private key

Hello
I am trying graylog-sidecar with the Beats input and TLS/SSL on Graylog server 3.1, but I cannot fix the problem below. Does anyone know this problem? Is it possible to get a how-to for TLS/SSL over graylog-sidecar?
Best regards

ERROR [AbstractTcpTransport] Error in Input [Beats/5dcXXXXXXXX] (channel [id: 0x4ef83d55, L:/192.168.X.X:5044 ! R:/192.168.X.X:54056]) (cause io.netty.handler.codec.DecoderException: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record

Hey @tigo

File does not contain valid private key: /etc/pki/tls/private/graylog-server.X.key.pem

It looks like that certificate is not valid …

Hello, the cert and key are OK now, but I still receive that error with input XXX: not an SSL/TLS record…

Did you configure the beat to send in TLS? Because it looks like you did.

Yes, this is my idea. Do you have a how-to that works?

http://docs.graylog.org/en/3.1/pages/secure/sec_graylog_beats.html

Now I have this error! Error in Input [Beats/5dced10eec2d98271e02d7a9] (channel [id: 0x0788a38a, L:/192.168.120.73:6044 ! R:/192.168.120.74:51396]) (cause io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: error:10000412:SSL routines:OPENSSL_internal:SSLV3_ALERT_BAD_CERTIFICATE)

If I use the beat with only Enable TLS and no cert, Graylog creates one, but this doesn't work. Here is the error:
2019-11-16T15:29:36.295+01:00 INFO [AbstractTcpTransport] Enabled TLS for input [Beats/5dd006ad67042e0e778ec025]. key-file="" cert-file=""
2019-11-16T15:29:36.295+01:00 WARN [AbstractTcpTransport] TLS key file or certificate file does not exist, creating a self-signed certificate for input [Beats/5dd006ad67042e0e778ec025].
2019-11-16T15:29:36.296+01:00 INFO [InputStateListener] Input [Beats/5dd006ad67042e0e778ec025] is now STARTING
2019-11-16T15:29:36.424+01:00 WARN [AbstractTcpTransport] receiveBufferSize (SO_RCVBUF) for input Beats2Input{title=new beat, type=org.graylog.plugins.beats.Beats2Input, nodeId=null} (channel [id: 0x6ffd35b9, L:/0:0:0:0:0:0:0:0%0:5044]) should be 1048576 but is 425984.
2019-11-16T15:29:36.425+01:00 INFO [InputStateListener] Input [Beats/5dd006ad67042e0e778ec025] is now RUNNING
2019-11-16T15:29:37.514+01:00 ERROR [AbstractTcpTransport] Error in Input [Beats/5dd006ad67042e0e778ec025] (channel [id: 0x9ffe5c90, L:/192.168.34.25:5044 ! R:/192.168.34.116:52830]) (cause io.netty.handler.codec.DecoderException: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record)

To be honest, the first error indicates

OPENSSL_internal:SSLV3_ALERT_BAD_CERTIFICATE

that you have done it wrong with the certificate, alt names and additional, I guess.

And the second: you have checked that the sending client needs a certificate to authenticate, but the filebeat does not send one … but that is just guessing.

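Added example, not part of the original posts: `not an SSL/TLS record` means the TLS-enabled input received bytes that are not a TLS record, so decoding the hex that follows the message in the Graylog log shows what the collector actually sent. The log line and byte strings are constructed samples, the function names are hypothetical, and the frame codes assume the Lumberjack v2 framing that Beats uses.

```python
import re
import struct

# Assumption: the text after "not an SSL/TLS record:" is a hex dump of the
# first bytes the client sent to the TLS listener.
HEXDUMP_RE = re.compile(r"not an SSL/TLS record: ([0-9a-fA-F]+)")

TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}
# Lumberjack v2 frames start with the version byte '2' and a frame type.
LUMBERJACK_FRAMES = {ord("W"): "window size", ord("J"): "JSON event",
                     ord("C"): "compressed batch", ord("A"): "ack"}


def classify_first_bytes(data: bytes) -> str:
    """Name the protocol that the first bytes of a connection look like."""
    # TLS record header: content type, version 3.x, 16-bit body length.
    if len(data) >= 5 and data[0] in TLS_CONTENT_TYPES and data[1] == 3 and data[2] <= 4:
        (length,) = struct.unpack(">H", data[3:5])
        if length <= 2**14 + 2048:  # largest record body TLS allows
            return f"tls ({TLS_CONTENT_TYPES[data[0]]} record)"
    if len(data) >= 2 and data[0] == ord("2") and data[1] in LUMBERJACK_FRAMES:
        return f"plaintext beats ({LUMBERJACK_FRAMES[data[1]]} frame)"
    if data.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD", b"PUT"):
        return "plaintext http"
    return "unknown"


def diagnose(log_line: str) -> str:
    """Extract the hex dump from a Graylog log line and classify it."""
    match = HEXDUMP_RE.search(log_line)
    if not match:
        return "no hex dump in line"
    hexstr = match.group(1)
    hexstr = hexstr[: len(hexstr) // 2 * 2]  # drop a dangling half byte
    return classify_first_bytes(bytes.fromhex(hexstr))


# Constructed sample: a collector without TLS talking to a TLS-enabled input.
SAMPLE_LINE = ("ERROR [AbstractTcpTransport] Error in Input [Beats/EXAMPLE] "
               "(cause io.netty.handler.ssl.NotSslRecordException: "
               "not an SSL/TLS record: 32570000080032430000002a789c)")
# Constructed sample: the first bytes of a TLS ClientHello record.
SAMPLE_CLIENT_HELLO = bytes.fromhex("16030100c8010000c40303")

if __name__ == "__main__":
    print(diagnose(SAMPLE_LINE))
    print(classify_first_bytes(SAMPLE_CLIENT_HELLO))
```

A result of `plaintext beats` points at the collector configuration (TLS not enabled on the output), not at the certificate files on the Graylog side.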

Dear Jan
How exactly does the communication work if I have Graylog with SSL/TLS on port 9000 TCP, the Beats input on port 5044, and Graylog-Sidecar installed on the hosts?

The sidecar connects to Graylog (TLS port 9000) and checks in; if configured, it receives its configuration from Graylog.

With that given configuration the sidecar starts the collector. After collecting, the collector sends the data (if configured correctly) to the Beats input on Graylog. If that configuration contains parameters for TLS/authentication, that is done.

Please check the docs: http://docs.graylog.org/en/3.1/pages/sidecar.html