Another useless post by Jan who wants to just get his name everywhere. The issue is if you make a new java cert file you need to set graylog to use the new java store and not the old one. It is much quicker to just ignore the docs and add it to the existing cert store and “pollute” it. (drop the .jks if it is not on the file)
Go to https://docs.graylog.org/en/3.1/pages/configuration/https.html
Then ignore “Adding a self-signed certificate to the JVM trust store”
Then instead of
$ keytool -importcert -keystore /path/to/cacerts.jks -storepass changeit -alias graylog-self-signed -file cert.pem
do
$ keytool -importcert -keystore /path/to/cacerts (the real one) -storepass changeit -alias graylog-self-signed -file cert.pem