I’m having an issue with a Graylog OVA I’ve deployed for testing. I followed the guide here: http://docs.graylog.org/en/latest/pages/configuration/https.html and am having some issues getting this configured. I tried looking over some of the previous forum posts about this issue, but I haven’t found a solution that has worked for me. I have configured the server with a single static IP address and our primary and secondary DNS servers. I have included both the server’s IP address and our DNS servers in the .cnf file when creating the self-signed cert.
I tried adding the self-signed certificate to the JVM trust store, but that didn’t seem to help (I returned to a previous snapshot for all the information below). Do I need to add the cert to the JVM trust store for my configuration?
Otherwise, is there anything else I can try?
Thank you,
Graylog: graylog-3.1.3-1.ova
Type: Single Node, Single VM
License: Free Enterprise
server.log: pastebin com/kZt2kM95
server.conf: pastebin com/08qWBLa4
openssl-graylog.cnf:
[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no

[req_distinguished_name]
C = XX
ST = XXXXX
L = XXXXXX
O = XXXXXX
OU = XXX XXXX
CN = XXXXXXXXX.LOCAL

[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
IP.1 = XXX.XXX.XXX.XXX
DNS.1 = XXX.XXX.XXX.XXX
DNS.2 = XXX.XXX.XXX.XXX
Commands used to configure TLS:
openssl req -x509 -days 1095 -nodes -newkey rsa:4096 -config openssl-graylog.cnf -keyout pkcs5-plain.pem -out cert.pem
openssl pkcs8 -in pkcs5-plain.pem -topk8 -nocrypt -out pkcs8-plain.pem
openssl pkcs8 -in pkcs5-plain.pem -topk8 -out pkcs8-encrypted.pem -passout pass:XXXXXXXXX
chmod 0644 pkcs8-encrypted.pem
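
Added example, not part of the original post and not Graylog's own tooling: a shell check of which names and addresses a certificate built from a config in this layout actually covers, using `openssl x509 -checkip` and `-checkhost`. All values are constructed placeholders (192.0.2.10, graylog.example.local, 192.0.2.53), and DNS.2 deliberately holds an IP literal to show that a `DNS.N` entry does not satisfy an IP address match.

```shell
# Added example with constructed values: 192.0.2.10 and graylog.example.local
# are placeholders for the address and name clients put in the Graylog URL.
# DNS.2 holds an IP literal on purpose, to show it is not matched as an IP.

# make_cert DIR: write a config laid out like openssl-graylog.cnf (each section
# header on its own line) and create a self-signed cert from it.
make_cert() {
  cat > "$1/san.cnf" <<'EOF'
[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no

[req_distinguished_name]
CN = graylog.example.local

[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
IP.1 = 192.0.2.10
DNS.1 = graylog.example.local
DNS.2 = 192.0.2.53
EOF
  # rsa:2048 keeps the demo fast; the post uses rsa:4096
  openssl req -x509 -days 1095 -nodes -newkey rsa:2048 -config "$1/san.cnf" \
    -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# san_covers CERT NAME: succeed only if NAME matches a SAN of the right type.
# IP literals are checked against IP.N entries, hostnames against DNS.N entries.
san_covers() {
  case $2 in
    *:*)       flag=-checkip ;;    # IPv6 literal
    *[!0-9.]*) flag=-checkhost ;;  # contains non-digit characters: hostname
    *)         flag=-checkip ;;    # digits and dots only: IPv4 literal
  esac
  openssl x509 -in "$1" -noout "$flag" "$2" | grep -q 'does match'
}

demo_dir=$(mktemp -d) && make_cert "$demo_dir"
for name in 192.0.2.10 graylog.example.local 192.0.2.53; do
  if san_covers "$demo_dir/cert.pem" "$name"; then echo "$name: covered"
  else echo "$name: NOT covered"; fi
done
```

Run `san_covers cert.pem <value>` with the exact host part of the URL that browsers and the Graylog node itself use to reach the API; a value that is reported as not covered will fail hostname verification regardless of what is in the trust store.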