I have a setup with a load balancer and three nodes. I want to achieve valid SSL traffic with a signed cert. I have added a link to my certs in the Graylog config, and also added the cert to the Java cacerts. I get an error like this after startup:
2018-01-23T13:22:20.001+01:00 WARN [ProxiedResource] Unable to call https://3.graylog.my.domain:12900/api/system/metrics/multiple on node <4b24925a-5663-4818-b8d2-16413316008c>
javax.net.ssl.SSLPeerUnverifiedException: Hostname 3.graylog.my.domain not verified:
certificate: sha256/NyvFNqvPTFxZefHeNaBQ+cb6IHdC8TsKo5IKqgp0JwM=
DN: EMAILADDRESS=admin@my.domain, CN=*graylog.my.domain, OU=OU, O=O, L=L, ST=ST, C=C
subjectAltNames:
at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:308) ~[graylog.jar:?]
at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.java:268) ~[graylog.jar:?]
at okhttp3.internal.connection.RealConnection.connect(RealConnection.java:160) ~[graylog.jar:?]
at okhttp3.internal.connection.StreamAllocation.findConnection(StreamAllocation.java:256) ~[graylog.jar:?]
at okhttp3.internal.connection.StreamAllocation.findHealthyConnection(StreamAllocation.java:134) ~[graylog.jar:?]
at okhttp3.internal.connection.StreamAllocation.newStream(StreamAllocation.java:113) ~[graylog.jar:?]
at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:42) ~[graylog.jar:?]
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) ~[graylog.jar:?]
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121) ~[graylog.jar:?]
at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:93) ~[graylog.jar:?]
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) ~[graylog.jar:?]
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121) ~[graylog.jar:?]
at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93) ~[graylog.jar:?]
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) ~[graylog.jar:?]
at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:125) ~[graylog.jar:?]
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) ~[graylog.jar:?]
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121) ~[graylog.jar:?]
at org.graylog2.rest.RemoteInterfaceProvider.lambda$get$0(RemoteInterfaceProvider.java:59) ~[graylog.jar:?]
at org.graylog2.rest.RemoteInterfaceProvider.dt_access$182(RemoteInterfaceProvider.java) ~[graylog.jar:?]
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147) ~[graylog.jar:?]
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121) ~[graylog.jar:?]
at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:200) ~[graylog.jar:?]
at okhttp3.RealCall.execute(RealCall.java:77) ~[graylog.jar:?]
at retrofit2.OkHttpCall.execute(OkHttpCall.java:180) ~[graylog.jar:?]
Cert in Java keystore:
graylog-cert, Jan 23, 2018, trustedCertEntry,
Certificate fingerprint (SHA1): F2:23:06:10:F0:83:34:10:9F:F4:97:78:31:2F:C8:48:2E:57:77:E3
Cert for Graylog:
openssl x509 -in certnew.crt -text -noout -fingerprint | grep Finger
SHA1 Fingerprint=F2:23:06:10:F0:83:34:10:9F:F4:97:78:31:2F:C8:48:2E:57:77:E3
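
Added example (not part of the original post, and not Graylog or OkHttp code): a minimal RFC 6125-style hostname check in Python, run against the hostname and CN shown in the log above. It assumes the client consults only subjectAltName dNSName entries, which is what the empty `subjectAltNames:` line in the error suggests; the function names and the `*.graylog.my.domain` SAN are constructed for illustration. Matching fingerprints in the trust store only establish that the certificate is trusted, which is a separate check from whether it names the host.

```python
"""Added example: SAN-only hostname matching (RFC 6125 style)."""

def _labels(name):
    return name.rstrip(".").lower().split(".")

def match_dns_name(pattern, hostname):
    """True if a certificate dNSName pattern covers hostname.

    A wildcard is honoured only as the whole left-most label
    ("*.example.org") and stands for exactly one label.
    """
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if p[0] == "*":
        # Require at least two fixed labels to the right of the wildcard.
        return len(p) >= 3 and p[1:] == h[1:]
    return "*" not in pattern and p == h

def verify_hostname(hostname, san_dns_names):
    """Only subjectAltName entries count; the subject CN is never consulted."""
    return any(match_dns_name(san, hostname) for san in san_dns_names)

def diagnose(hostname, subject_cn, san_dns_names):
    """Explain the outcome for one certificate (CN used for diagnosis only)."""
    if verify_hostname(hostname, san_dns_names):
        return "ok"
    if not san_dns_names:
        if match_dns_name(subject_cn, hostname):
            return "CN matches but certificate has no subjectAltName"
        return "no subjectAltName, and CN would not match either"
    return "no subjectAltName entry matches"

if __name__ == "__main__":
    host = "3.graylog.my.domain"          # hostname from the log
    cn = "*graylog.my.domain"             # CN from the log (no dot after "*")
    print(diagnose(host, cn, []))         # certificate as logged: no SANs
    # Constructed SAN list, as a reissued certificate might carry it:
    print(diagnose(host, cn, ["*.graylog.my.domain"]))
```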