Graylog Open with self-signed certificate

1. Describe your incident:
I am in the process of setting up a demo with Graylog Open, and I already got the WebUI working with a self-signed certificate, but I am having issues making it work for secured input for my syslog servers. When I tail /var/log/graylog-server/server.log, I am seeing a lot of the following message:

2025-03-18T10:56:07.120-06:00 WARN [ProxiedResource] Failed to call API on node <27552e57-a257-47ff-a9da-263519580deb>, cause: None of the TrustManagers trust this certificate chain. (duration: 198 ms)

I generated this self-signed certificate on the same host where Graylog is running. Like I mentioned, it is working alright for the WebUI.

2. Describe your environment:

  • OS Information:
    I am running this on a Red Hat 9.5 VM

  • Package Version:
    graylog-6.1-repository_latest.rpm

  • Service logs, configurations, and environment variables:

3. What steps have you already taken to try and solve the problem?

4. How can the community help?
How can I make it work with a self-signed certificate? Is it even possible?

The certificate probably needs to be added to the trust store; following this guide should help explain the complete process.

I followed this guide and even created a cert and key, and also imported our local network's CA root and intermediate certs etc… nothing is working. I cannot even get an unsecured syslog port 514/udp or 10514/udp up and running. There is seriously something wrong with the install/config but I don't know where to start to troubleshoot it. Any ideas?

@mstjohn2

The below error suggests that while the WebUI is secure, the Graylog node is unable to make API calls to itself. It explicitly says that a certificate trust chain is missing from your keystore. Is this a Docker setup?

2025-03-18T10:56:07.120-06:00 WARN [ProxiedResource] Failed to call API on node <27552e57-a257-47ff-a9da-263519580deb>, cause: None of the TrustManagers trust this certificate chain. (duration: 198 ms)

Regarding inputs, you should be able to send logs if an input has not been secured. Are the inputs in a running state? As the node can’t call itself it might be that it’s unable to start the inputs.

Not to keep throwing guides at you but this “Hardening” course was recently released and covers securing inputs and goes into mutual auth.
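
The trust decision behind the "None of the TrustManagers trust this certificate chain" warning discussed above, as an added example that is not part of the original thread or Graylog's own tooling. It uses an openssl PEM bundle as a stand-in for the Java trust store; the hostnames and file names are constructed for the demo.

```bash
#!/usr/bin/env bash
# Added example: hostnames and file names below are constructed for the demo.
# An openssl PEM bundle stands in for the JVM trust store Graylog consults.

# make_self_signed DIR NAME CN: write DIR/NAME.key and DIR/NAME.pem.
make_self_signed() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$3" -keyout "$1/$2.key" -out "$1/$2.pem" >/dev/null 2>&1
}

# check_trust CERT ANCHORS: print "trusted" when CERT chains to a certificate
# in the PEM bundle ANCHORS, else "untrusted" (the TrustManager failure case).
check_trust() {
  if openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; then
    echo trusted
  else
    echo untrusted
  fi
}

# demo: print the verdict before and after the node's self-signed certificate
# is added to the anchor bundle, as "<before> <after>".
demo() {
  local dir before after
  dir=$(mktemp -d) || return 1
  make_self_signed "$dir" node graylog.example.test || return 1
  make_self_signed "$dir" other unrelated-ca.example.test || return 1

  # Trust store that does not contain the node certificate: the client side
  # of the node's own API call rejects it, even though the server presents it.
  cp "$dir/other.pem" "$dir/anchors.pem"
  before=$(check_trust "$dir/node.pem" "$dir/anchors.pem")

  # "Importing" the self-signed certificate: append it to the bundle.
  cat "$dir/node.pem" >> "$dir/anchors.pem"
  after=$(check_trust "$dir/node.pem" "$dir/anchors.pem")

  rm -rf "$dir"
  echo "$before $after"
}

demo
```

A browser user can click through a self-signed warning, which is why the WebUI can appear to work while the node's own HTTPS client still rejects the same certificate.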

Well, I followed this installation guide: Red Hat Installation: Single Graylog Node
and used this one for adding my root and intermediate Certs as well as my generated cert with key
https://graylog.org/post/how-to-guide-securing-graylog-with-tls/

Well, I couldn't get it to work properly with my certs, even with adding them to the keystore etc. I ended up removing all TLS stuff and got it to work insecure for now and will tackle TLS at a later point.

How did you remove all the TLS stuff like you said, what exactly did you do?
