Graylog blew up after adding SSL Cert

sferguson · June 7, 2017, 5:52pm

Greetings,

Just added a wildcard certificate to graylog, and am getting a cryptic error when starting…

2017-06-07T10:40:31.293-07:00 ERROR [ServiceManager] Service JerseyService [FAIL java.security.spec.InvalidKeySpecException: Neither RSA, DSA nor at org.graylog2.shared.security.tls.PemKeyStore.buildKeyStore(PemKeyStor at org.graylog2.shared.initializers.JerseyService.buildSslEngineConfigur at org.graylog2.shared.initializers.JerseyService.startUpWeb(JerseyServi at org.graylog2.shared.initializers.JerseyService.startUp(JerseyService. at com.google.common.util.concurrent.AbstractIdleService$DelegateService at com.google.common.util.concurrent.Callables$4.run(Callables.java:122) at java.lang.Thread.run(Thread.java:748) [?:1.8.0_131]
Caused by: java.security.spec.InvalidKeySpecException: java.security.InvalidKeyE at sun.security.ec.ECKeyFactory.engineGeneratePrivate(ECKeyFactory.java: at java.security.KeyFactory.generatePrivate(KeyFactory.java:372) ~[?:1.8 at org.graylog2.shared.security.tls.PemKeyStore.buildKeyStore(PemKeyStor … 6 more
Caused by: java.security.InvalidKeyException: IOException : DER input, Integer t at sun.security.pkcs.PKCS8Key.decode(PKCS8Key.java:351) ~[?:1.8.0_131] EC worked
e.java:110) ~[graylog.jar:?]
ator(JerseyService.java:385) ~[graylog.jar:?]
ce.java:149) ~[graylog.jar:?]
java:141) ~[graylog.jar:?]
$1.run(AbstractIdleService.java:62) [graylog.jar:?]
[graylog.jar:?]
xception: IOException : DER input, Integer tag error
169) ~[sunec.jar:1.8.0_131]
.0_131]
e.java:108) ~[graylog.jar:?]
ag error
r> r> unec.jar:1.8.0_131]
7) ~[sunec.jar:1.8.0_131]
165) ~[sunec.jar:1.8.0_131]
.0_131]
e.java:108) ~[graylog.jar:?]

I added the certificate to the java keystore as well… Any suggestions?

jan · June 8, 2017, 6:11am

Hej @sferguson

the error is produced here in Graylog - did you checked if the Key Format is RSA, DSA or EC?

Please describe what you had done and if you read (what) documentation to solve your issue.

sferguson · June 8, 2017, 7:17pm

The key appears to be RSA. I followed the documentation to enable SSL for the server

jan · June 9, 2017, 10:05am

did you check if the Graylog User is able to read the files?

sferguson · June 9, 2017, 5:35pm

Yes. Graylog user has full RWX access to the folder.

system · June 23, 2017, 5:35pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Graylog unable to start after the setup of SSL/TLS Graylog Central (peer support)	25	13035	November 21, 2017
Getting JerseySevice Errors on my SSL Certificate's Private Key Graylog Central (peer support)	2	1918	November 19, 2018
Graylog HTTPS issues Graylog Central (peer support)	11	2179	February 7, 2018
Graylog crashes on startup if HTTPS is enabled Graylog Central (peer support)	20	1151	May 8, 2020
java.security.spec.InvalidKeySpecException: Neither RSA, DSA nor EC worked Graylog Central (peer support)	2	2692	May 12, 2020

Graylog blew up after adding SSL Cert

Related topics