Hey guys
I know that there are a bunch of questions here about Graylog + HTTPS. I have read them and tried multiple times to set this thing up, but I couldn't. Can you guys help?
Basically my problem is the same as the one that was posted here: Graylog 3.2 https problem (not by me)
I'm using Graylog 3.2 (original install was 3.0, after this I upgraded to 3.1 and now Graylog 3.2.1+dbaac33 on sv (Private Build 1.8.0_242 on Linux 5.3.0-28-generic))
My OS is "Ubuntu 18.04.4 LTS (Bionic Beaver)", VM on Hyper-V Server 2012
openssl-graylog.cnf is:
[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no

# Details about the issuer of the certificate
[req_distinguished_name]
C = BR
ST = PR
L = Matriz
O = My Company
OU = TI
CN = sv

[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

# IP addresses and DNS names the certificate should include
# Use IP.### for IP addresses and DNS.### for DNS names,
# with "###" being a consecutive number.
[alt_names]
IP.1 = 192.168.20.11
I used the documentation for Graylog 3.2 with https and those files were generated:
cert.pem
openssl-graylog.cnf
pkcs5-plain.pem
pkcs8-encrypted.pem
pkcs8-plain.pem
I made a copy of the cacerts file at /etc/graylog/server/cacerts.jks, then imported the cert.pem
In /etc/defaults/graylog-server I added "-XX:+UseParNewGC -XX:-OmitStackTraceInFastThrow -Djavax.net.ssl.trustStore=/etc/graylog/server/cacerts.jks -Djavax.net.ssl.trustStorePassword=pass"
My server.conf has:
http_enable_tls = true
http_tls_cert_file = /etc/graylog/server/cert.pem
http_tls_key_file = /etc/graylog/server/pkcs8-encrypted.pem
http_tls_key_password = pass
When I restart the graylog service I end up with:
"PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"
Can you guys help?
Thanks