Hello All,
Question about self-signed Certs for Graylog using HTTPS.
I’m using CentOS 7 Virtual machine, all in one Graylog Server,
My installed Certificates work from the instruction use from here: https://github.com/3vi1john/graylog
Chrome states “Not Secure” on the URL
I opened Developer Tools on Chrome and noticed the following;
The errors
“There are issues with the site’s certificate chain (net::ERR_CERT_COMMON_NAME_INVALID)”
And
“The certificate for this site does not contain a Subject Alternative Name extension containing a domain name or IP address”
Tried to fix this issue by creating a file named openssl-graylog.cnf and using it when making my certificates.
Instruction used; http://docs.graylog.org/en/2.3/pages/configuration/https.html , No joy
I also tried to modify my /etc/pki/tls/openssl.cnf file as shown below;
[ v3_ca ]
subjectAltName= @alt_names
[alt_names]
DNS.1 = FQDN
IP.1 = IPaddress
I did some research and found most, if not all browsers do not like Self-Signed Certificates and to remove these errors properly I need SSL certificate provider (certificate authority).
Chrome Secure resources does state “All resources on this page are served securely.”
I was wondering if there is something else I could do to fix Certificate error & Subject Alternative Name error.
@ jochen
Thank for your response, I did try to insert a certificate into Chrome, I still received the same error. I was not sure which certificate I should insert so, I download it from Chrome > Developer Tools > View certificate. This opens Certificate window > then clicked on tab called “Details” selected “all” , Click "Copy to File"then executed https://support.securly.com/hc/en-us/articles/206081828-How-to-manually-install-the-Securly-SSL-certificate-in-Chrome. Still errors out.
@jan
Thank for the tip on the Script, Unfortunately I’m still running into the same issue, Here is a couple of screen shots.
This was executing script “create_ssl_sertc.sh”
