Graylog startup failed

Graylog Central (peer support)
1

Having trouble with https. Have followed all the instructions, using a cert from Comodo with FDQN in the conf, tried it with internal IP & external IP as well.

2017-12-24T23:23:42.253+07:00 ERROR [ServerBootstrap] Graylog startup failed. Exiting. Exception was:
java.lang.IllegalStateException: Expected to be healthy after starting. The following services are not running: {FAILED=[JerseyService [FAILED]]}
	at com.google.common.util.concurrent.ServiceManager$ServiceManagerState.checkHealthy(ServiceManager.java:742) ~[graylog.jar:?]
	at com.google.common.util.concurrent.ServiceManager$ServiceManagerState.awaitHealthy(ServiceManager.java:555) ~[graylog.jar:?]
	at com.google.common.util.concurrent.ServiceManager.awaitHealthy(ServiceManager.java:304) ~[graylog.jar:?]
	at org.graylog2.bootstrap.ServerBootstrap.startCommand(ServerBootstrap.java:149) [graylog.jar:?]
	at org.graylog2.bootstrap.CmdLineTool.run(CmdLineTool.java:209) [graylog.jar:?]
	at org.graylog2.bootstrap.Main.main(Main.java:44) [graylog.jar:?]
2

I’m also seeing this. The graylog server is in a DMZ with 1:1 NAT and no proxy.

2017-12-24T23:40:21.801+07:00 ERROR [ServiceManager] Service JerseyService [FAILED] has failed in the STARTING state.
java.io.IOException: ObjectIdentifier() -- data isn't an object ID (tag = 48)
	at sun.security.util.ObjectIdentifier.<init>(ObjectIdentifier.java:257) ~[?:1.8.0_151]
	at sun.security.util.DerInputStream.getOID(DerInputStream.java:314) ~[?:1.8.0_151]
	at com.sun.crypto.provider.PBES2Parameters.engineInit(PBES2Parameters.java:267) ~[sunjce_provider.jar:1.8.0_151]
	at java.security.AlgorithmParameters.init(AlgorithmParameters.java:293) ~[?:1.8.0_151]
	at sun.security.x509.AlgorithmId.decodeParams(AlgorithmId.java:132) ~[?:1.8.0_151]
	at sun.security.x509.AlgorithmId.<init>(AlgorithmId.java:114) ~[?:1.8.0_151]
	at sun.security.x509.AlgorithmId.parse(AlgorithmId.java:372) ~[?:1.8.0_151]
	at javax.crypto.EncryptedPrivateKeyInfo.<init>(EncryptedPrivateKeyInfo.java:95) ~[?:1.8.0_151]
	at org.graylog2.shared.security.tls.PemKeyStore.generateKeySpec(PemKeyStore.java:69) ~[graylog.jar:?]
	at org.graylog2.shared.security.tls.PemKeyStore.buildKeyStore(PemKeyStore.java:98) ~[graylog.jar:?]
	at org.graylog2.shared.initializers.JerseyService.buildSslEngineConfigurator(JerseyService.java:387) ~[graylog.jar:?]
	at org.graylog2.shared.initializers.JerseyService.startUpApi(JerseyService.java:208) ~[graylog.jar:?]
	at org.graylog2.shared.initializers.JerseyService.startUp(JerseyService.java:141) ~[graylog.jar:?]
	at com.google.common.util.concurrent.AbstractIdleService$DelegateService$1.run(AbstractIdleService.java:62) [graylog.jar:?]
	at com.google.common.util.concurrent.Callables$4.run(Callables.java:122) [graylog.jar:?]
	at java.lang.Thread.run(Thread.java:748) [?:1.8.0_151]
3

It looks like your configuration is some kind of wrong.

4

I’ve rechecked everything.

found this. https://groups.google.com/forum/#!topic/graylog2/aMXsteeHW-M

I can read the headers and the encrypted key with openssl. It seems to be specifically with CA signed certs.

permissions on the key are 444, cert are 644 and folder is 755.

I’m a bit stumped at this stage

5

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.