Graylog blew up after adding SSL Cert


(Steve Ferguson) #1

Greetings,

Just added a wildcard certificate to Graylog, and am getting a cryptic error when starting…

2017-06-07T10:40:31.293-07:00 ERROR [ServiceManager] Service JerseyService [FAILED] has failed in the STARTING state.
java.security.spec.InvalidKeySpecException: Neither RSA, DSA nor EC worked
at org.graylog2.shared.security.tls.PemKeyStore.buildKeyStore(PemKeyStore.java:110) ~[graylog.jar:?]
at org.graylog2.shared.initializers.JerseyService.buildSslEngineConfigurator(JerseyService.java:385) ~[graylog.jar:?]
at org.graylog2.shared.initializers.JerseyService.startUpWeb(JerseyService.java:149) ~[graylog.jar:?]
at org.graylog2.shared.initializers.JerseyService.startUp(JerseyService.java:141) ~[graylog.jar:?]
at com.google.common.util.concurrent.AbstractIdleService$DelegateService$1.run(AbstractIdleService.java:62) [graylog.jar:?]
at com.google.common.util.concurrent.Callables$4.run(Callables.java:122) [graylog.jar:?]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_131]
Caused by: java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: IOException : DER input, Integer tag error
at sun.security.ec.ECKeyFactory.engineGeneratePrivate(ECKeyFactory.java:169) ~[sunec.jar:1.8.0_131]
at java.security.KeyFactory.generatePrivate(KeyFactory.java:372) ~[?:1.8.0_131]
at org.graylog2.shared.security.tls.PemKeyStore.buildKeyStore(PemKeyStore.java:108) ~[graylog.jar:?]
… 6 more
Caused by: java.security.InvalidKeyException: IOException : DER input, Integer tag error
at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:351) ~[?:1.8.0_131]
at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:356) ~[?:1.8.0_131]
at sun.security.ec.ECPrivateKeyImpl.<init>(ECPrivateKeyImpl.java:73) ~[sunec.jar:1.8.0_131]
at sun.security.ec.ECKeyFactory.implGeneratePrivate(ECKeyFactory.java:237) ~[sunec.jar:1.8.0_131]
at sun.security.ec.ECKeyFactory.engineGeneratePrivate(ECKeyFactory.java:165) ~[sunec.jar:1.8.0_131]
at java.security.KeyFactory.generatePrivate(KeyFactory.java:372) ~[?:1.8.0_131]
at org.graylog2.shared.security.tls.PemKeyStore.buildKeyStore(PemKeyStore.java:108) ~[graylog.jar:?]

I added the certificate to the Java keystore as well… Any suggestions?


(Jan Doberstein) #2

Hej @sferguson

The error is produced here in Graylog - did you check whether the key format is RSA, DSA or EC?

Please describe what you have done and which documentation, if any, you read to solve your issue.


(Steve Ferguson) #3

The key appears to be RSA. I followed the documentation to enable SSL for the server.
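
The stack trace in post #1 ends in `PKCS8Key.decode`, so the key bytes are being parsed as PKCS#8, and an RSA key can still be stored in a container that is not PKCS#8. The following is an added example, not code from this thread or from Graylog: it classifies a PEM private key by container format, assuming the key file is PEM; `classify_pem_key`, `read_tlv`, `make_pem` and the sample key are constructed for illustration.

```python
import base64
import re

# DER-encoded algorithm OIDs found in a PKCS#8 AlgorithmIdentifier.
ALG_OIDS = {
    bytes.fromhex("2a864886f70d010101"): "RSA",
    bytes.fromhex("2a8648ce380401"): "DSA",
    bytes.fromhex("2a8648ce3d0201"): "EC",
}
TRADITIONAL = {"RSA PRIVATE KEY", "DSA PRIVATE KEY", "EC PRIVATE KEY"}

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def classify_pem_key(text):
    """Describe the container format of the first PEM block in text."""
    m = re.search(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", text, re.S)
    if not m:
        return "no PEM block"
    label, body = m.group(1), m.group(2)
    if label in TRADITIONAL:
        return f"traditional {label.split()[0]} key, not PKCS#8"
    if label == "ENCRYPTED PRIVATE KEY":
        return "encrypted PKCS#8"
    if label != "PRIVATE KEY":
        return f"not a private key ({label})"
    try:
        outer_tag, seq, _ = read_tlv(base64.b64decode("".join(body.split())))
        ver_tag, _, pos = read_tlv(seq)       # version INTEGER
        alg_tag, alg, _ = read_tlv(seq, pos)  # AlgorithmIdentifier SEQUENCE
        oid_tag, oid, _ = read_tlv(alg)       # algorithm OID
    except (ValueError, IndexError):          # bad base64 or truncated DER
        return "PRIVATE KEY label but not a PKCS#8 PrivateKeyInfo"
    if (outer_tag, ver_tag, alg_tag, oid_tag) != (0x30, 0x02, 0x30, 0x06):
        return "PRIVATE KEY label but not a PKCS#8 PrivateKeyInfo"
    return "unencrypted PKCS#8, " + ALG_OIDS.get(oid, "unknown algorithm")

def make_pem(label, der_hex):
    b64 = base64.b64encode(bytes.fromhex(der_hex)).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

# Constructed sample: correct outer structure, dummy key material (not a usable key).
PKCS8_RSA = make_pem("PRIVATE KEY", "3016020100300d06092a864886f70d010101050004020000")
```

Running `classify_pem_key(open(path).read())` on the configured key file distinguishes an unencrypted PKCS#8 key from a traditional `RSA PRIVATE KEY` block or an encrypted one.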


(Jan Doberstein) #4

Did you check if the Graylog user is able to read the files?


(Steve Ferguson) #5

Yes. Graylog user has full RWX access to the folder.

