Hi there!
I am currently facing an issue with Graylog 3.3 and certificates.
We are running on a CentOS 8 server and followed all steps to install it properly.
I am able to connect to the web interface using HTTP without any issue.
I want to be more secure by going HTTPS, but I get the following error when trying to configure certificates:
2020-12-08T15:28:05.877+01:00 WARN [DefaultTLSProtocolProvider] JRE doesn’t support all default TLS protocols. Changing <[TLSv1.2, TLSv1.3]> to <[TLSv1.2]>
2020-12-08T15:28:06.019+01:00 INFO [CmdLineTool] Loaded plugin: AWS plugins 3.3.9 [org.graylog.aws.AWSPlugin]
2020-12-08T15:28:06.019+01:00 INFO [CmdLineTool] Loaded plugin: Integrations 3.3.9 [org.graylog.integrations.IntegrationsPlugin]
2020-12-08T15:28:06.020+01:00 INFO [CmdLineTool] Loaded plugin: Collector 3.3.9 [org.graylog.plugins.collector.CollectorPlugin]
2020-12-08T15:28:06.021+01:00 INFO [CmdLineTool] Loaded plugin: Threat Intelligence Plugin 3.3.9 [org.graylog.plugins.threatintel.ThreatIntelPlugin]
2020-12-08T15:28:06.144+01:00 ERROR [CmdLineTool] Invalid configuration
com.github.joschi.jadconfig.ValidationException: Unreadable or missing HTTP private key: null
at org.graylog2.configuration.HttpConfiguration.validateTlsConfig(HttpConfiguration.java:252) ~[graylog.jar:?]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_272]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_272]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_272]
at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_272]
at com.github.joschi.jadconfig.ReflectionUtils.invokeMethodsWithAnnotation(ReflectionUtils.java:53) ~[graylog.jar:?]
at com.github.joschi.jadconfig.JadConfig.invokeValidatorMethods(JadConfig.java:221) ~[graylog.jar:?]
at com.github.joschi.jadconfig.JadConfig.process(JadConfig.java:100) ~[graylog.jar:?]
at org.graylog2.bootstrap.CmdLineTool.processConfiguration(CmdLineTool.java:351) [graylog.jar:?]
at org.graylog2.bootstrap.CmdLineTool.readConfiguration(CmdLineTool.java:344) [graylog.jar:?]
at org.graylog2.bootstrap.CmdLineTool.run(CmdLineTool.java:178) [graylog.jar:?]
at org.graylog2.bootstrap.Main.main(Main.java:50) [graylog.jar:?]
The error message is:
ERROR [CmdLineTool] Invalid configuration
com.github.joschi.jadconfig.ValidationException: Unreadable or missing HTTP private key: null
Where is the private key path?
I tried with both a self-signed key and a key signed by our internal CA (Windows-based).
Any idea?
Thank you
Best regards
Clement