Hey @gHost
Yeah, with containers I did exactly what you did. As for the Java default keystore, “cacerts” was what I use/used.
Example:
environment:
  GRAYLOG_JAVA_OPTS: '... -Djavax.net.ssl.trustStore=/srv/custom_keystore/cacerts -Djavax.net.ssl.trustStorePassword=changeit'
  GRAYLOG_HEAP_SIZE: '8g'
volumes:
  - /path/to/keystore/cacerts:/srv/custom_keystore/cacerts
  - graylog-shared:/data/shared
A couple of tricks I have found using self-signed certs: I used the Java default keystore, and I placed certs in the Graylog home directory because Graylog owns that directory; this made access easier
(i.e., chown graylog:graylog -R /etc/graylog)
to ensure permissions were set. As for a container