graylog 3.2
debian 10
Corporate SSL cert signed by top CA (DigiCert)
The cert is a wilcard cert: *.domain.com
So after spending way to much time to get https up and running, i finally have it working but stuck with one error in the graylog server log when accessing the web interface. I suspect this is due to the wildcard certificate we use. Im guessing the IP would need to be specified in the certificate? (i have no possibility to change the cert)
Do i just have to live with it?
Here is the log output (redacted, and had to break the links as it didnt allow me to post links ):
B
2020-03-06T10:06:23.726+01:00 WARN [ProxiedResource] Unable to call :9000/api/system/metrics/multiple on node <87ead60e-9dab-4b31-818e-87158224d90e>: Hostname 172.29.10.75 not verified:
certificate: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
DN: CN= *.domain.com, OU=IT, O=Company IT B.V., L=City, ST=Area, C=NL
subjectAltNames: [ *.domain.com, domain.com]
Here is my settings:(edited as they get detected as links that im not allowed to post)
Note, i was also not able to get a ecrypted PKCS8 private key with passphrase working, despite following the documentation. Kept getting java error ({FAILED=[JerseyService [FAILED]]})
I solved this by using unencrypted key. After reading about someone else with similar problems.
Also Chrome keeps telling me my site is untrusted, while firefox seems to trust it. I will chalk that up to Chrome being a generally crappy browser.
Ok, so i decided to get a clean start and set up the server again on ubuntu 18.04
Everything works, but now a slightly different issue:
B
2020-03-06T15:08:56.232Z WARN [ProxiedResource] Unable to call https://172.29.10.75:9000/api/system/inputstates on node : sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
I could not even start the input on higher ports, and then set up authbind. Now i have the input at udp 514.
In the webui i get error that input doesnt start
In the logs it clearly says it starts
It is working, logs are flooding in from nodes.
Blockquote
2020-03-06T15:08:37.135Z INFO [InputStateListener] Input [Syslog UDP/5e6260420b6f2e43ed7685e1] is now STARTING
2020-03-06T15:08:37.146Z WARN [UdpTransport] receiveBufferSize (SO_RCVBUF) for input SyslogUDPInput{title=syslog1, type=org.graylog2.inputs.syslog.udp.SyslogUDPInput, nodeId=ad269a19-21a2-41c3-802e-72fa8f915f04} (channel [id: 0x871cfe52, L:/0:0:0:0:0:0:0:0%0:61305]) should be 262144 but is 425984.
2020-03-06T15:08:37.150Z WARN [UdpTransport] receiveBufferSize (SO_RCVBUF) for input SyslogUDPInput{title=syslog1, type=org.graylog2.inputs.syslog.udp.SyslogUDPInput, nodeId=ad269a19-21a2-41c3-802e-72fa8f915f04} (channel [id: 0x585c4beb, L:/0:0:0:0:0:0:0:0%0:61305]) should be 262144 but is 425984.
2020-03-06T15:08:37.154Z INFO [InputStateListener] Input [Syslog UDP/5e6260420b6f2e43ed7685e1] is now RUNNING
but you found the reason for the problem already. Graylog is connecting to itself and if the http_publish used ip or hostname is not part of the certificate it will fail.
