Ran into an issue configuring HTTPS on Graylog 3.2 when it comes to the PKCS8 key. When starting the server, I receive an error message in the log for JerseyService:
“Caused by: java.io.IOException: ObjectIdentifier() -- data isn't an object ID (tag = 48)”
I’ve come across numerous other posts from earlier this year for the same issue in 3.2. The solution the majority of the time was to re-run the openssl conversion and create a plain unencrypted PKCS8 key.
From a security standpoint - is this safe? Wouldn’t it be preferred to use an encrypted key instead? Does anyone know of a better workaround or fix to this issue?
I understand, from seeing many of your previous comments on other posts, that this is not preferred, and that it’s safer to use an issued certificate from a CA. I would argue that some people in certain environments do not have access to a CA and that a self-signed cert is their only option. I have not seen posts from previous versions of Graylog with this issue, at least not at the frequency that the current version has experienced.
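Added example, not part of the original posts and not Graylog's code: a small inspector that reports whether a PEM key file is the plain or the encrypted PKCS8 form discussed above and, for an encrypted key, which scheme OID it declares. Tag 48 in the error message is 0x30, the DER SEQUENCE tag; the function names are hypothetical and the two sample keys are constructed placeholders, not real key material.

```python
import base64
import re

# Scheme OIDs an ENCRYPTED PRIVATE KEY commonly declares (names for display only).
SCHEMES = {
    "1.2.840.113549.1.5.13": "PBES2",
    "1.2.840.113549.1.12.1.3": "pbeWithSHAAnd3-KeyTripleDES-CBC",
}

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    """Decode the content bytes of a DER OBJECT IDENTIFIER (tag 6)."""
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for byte in body[1:]:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def classify_pkcs8(pem_text):
    m = re.search(r"-----BEGIN ([A-Z0-9 ]+)-----(.+?)-----END \1-----", pem_text, re.S)
    if not m:
        raise ValueError("no PEM block found")
    label, der = m.group(1), base64.b64decode(m.group(2))
    tag, outer, _ = read_tlv(der)
    if tag != 0x30:  # 0x30 == 48: every PKCS8 structure starts with a SEQUENCE
        raise ValueError("outer element is not a SEQUENCE")
    first_tag, first, _ = read_tlv(outer)
    if label == "PRIVATE KEY" and first_tag == 0x02:  # version INTEGER comes first
        return "plain PKCS#8 (unencrypted)"
    if label == "ENCRYPTED PRIVATE KEY" and first_tag == 0x30:  # AlgorithmIdentifier
        oid = decode_oid(read_tlv(first)[1])
        return "encrypted PKCS#8, scheme " + SCHEMES.get(oid, oid)
    return "not PKCS#8: " + label

def _pem(label, der_hex):  # wraps constructed DER bytes for the samples below
    b64 = base64.b64encode(bytes.fromhex(der_hex)).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

# Constructed samples: correct outer structure, dummy payloads.
SAMPLE_ENCRYPTED = _pem("ENCRYPTED PRIVATE KEY", "3015300d06092a864886f70d01050d3000040400000000")
SAMPLE_PLAIN = _pem("PRIVATE KEY", "3018020100300d06092a864886f70d0101010500040400000000")
```

To check a real file, pass its contents to `classify_pkcs8`; the function reads only the outer headers and never decrypts or prints key bytes.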