@cbgraham
just an FYI, from the begining I reset my java keystore called “cacerts”. I made a backup before starting all of this. So i reset my cacerts file to default.
Then after the first line of Graylog3 with https (easy tutorial)
- mkdir /etc/ssl/certs/graylog/ && cd /etc/ssl/certs/graylog/
I made the file called “openssl-graylog.cnf” as shown below.
Then I used this ssl-setup
I quote “create a file named openssl-graylog.cnf with the following content (customized to your needs):”
[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no
# Details about the issuer of the certificate
[req_distinguished_name]
C = US
ST = Some-State
L = Some-City
O = My Company
OU = My Division
CN = graylog.example.com
[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names
# IP addresses and DNS names the certificate should include
# Use IP.### for IP addresses and DNS.### for DNS names,
# with "###" being a consecutive number.
[alt_names]
IP.1 = 203.0.113.42
DNS.1 = graylog.example.com
Then I continued through the rest of the documentation from Graylog3 with https (easy tutorial)
As stated from above I made some configuration prior to finishing the steps in that documentation.
When you restart the Graylog service make sure you tail graylogs log file and look for WARN or ERROR signs.I also stated from above what error I received and how i fixed it. These instruction is not what you do, Its how you do it. You might need to start from the being, it seems that you have different things configured from different sources. I to had to roll everything back and get a fresh start. To be honest I have tried for three months to figure out this problem unitl I came accross Graylog3 with https (easy tutorial) I just used his direction and thats it, with some adjustments.
Hope this helps