Graylog2 https Error on Chrome


(Greg Smith) #1

Hello All,
Question about self-signed certs for Graylog using HTTPS.
I’m using a CentOS 7 virtual machine, all-in-one Graylog server.
My installed certificates work, using the instructions from here: https://github.com/3vi1john/graylog
Chrome states “Not Secure” on the URL.
I opened Developer Tools in Chrome and noticed the following:

The errors
“There are issues with the site’s certificate chain (net::ERR_CERT_COMMON_NAME_INVALID)”
And
“The certificate for this site does not contain a Subject Alternative Name extension containing a domain name or IP address”
I tried to fix this issue by creating a file named openssl-graylog.cnf and using it when making my certificates.
Instructions used:
http://docs.graylog.org/en/2.3/pages/configuration/https.html , no joy.
I also tried to modify my /etc/pki/tls/openssl.cnf file as shown below:
[ v3_ca ]
subjectAltName= @alt_names

[alt_names]
DNS.1 = FQDN
IP.1 = IPaddress

I did some research and found that most, if not all, browsers do not like self-signed certificates, and to remove these errors properly I need an SSL certificate provider (certificate authority).
Chrome Secure resources does state “All resources on this page are served securely.”
I was wondering if there is something else I could do to fix the certificate error and the Subject Alternative Name error.


(Jochen) #2

No, you have to import your self-signed certificate(s) or the CA you’ve signed them with into the certificate store of your browser.

See https://support.securly.com/hc/en-us/articles/206081828-How-to-manually-install-the-Securly-SSL-certificate-in-Chrome for an example.


(Jan Doberstein) #3

you might want to use the following script that helps you with creating the self signed certificates:

and gives you the ability to easily adapt the needed command to your own needs.

regards
Jan


(Greg Smith) #4

@jochen
Thanks for your response. I did try to insert a certificate into Chrome, but I still received the same error. I was not sure which certificate I should insert, so I downloaded it from Chrome > Developer Tools > View certificate. This opens the Certificate window; I then clicked on the tab called “Details”, selected “all”, clicked "Copy to File", then executed https://support.securly.com/hc/en-us/articles/206081828-How-to-manually-install-the-Securly-SSL-certificate-in-Chrome. Still errors out.


(Greg Smith) #5

@jan
Thanks for the tip on the script. Unfortunately, I’m still running into the same issue. Here are a couple of screenshots.
This was executing script “create_ssl_sertc.sh”

The results were the same as shown below,

Not sure what I’m doing wrong. Any advice would be appreciated.
NOTE: Also tried with adding Cert to Chrome


(Jan Doberstein) #6

@gsmith

it's simple: your hostname (you use in chrome) is test-graylog.enseva-labs.net and your certificate is only created for test-graylog.

correct that and it should work
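
The mismatch described in the reply above, as an added example that is not part of the original thread: a small Python check that mirrors how Chrome compares the name in the address bar against a certificate's Subject Alternative Name entries only, never the commonName. The sample certificates are constructed in the dict shape returned by `ssl.SSLSocket.getpeercert()`, and the IP address 192.0.2.10 is a placeholder.

```python
import ipaddress

# Constructed sample certificates in the dict shape returned by
# ssl.SSLSocket.getpeercert(); the values mirror the thread, not a real cert.
CERT_SHORT_NAME = {
    "subject": ((("commonName", "test-graylog"),),),
    "subjectAltName": (("DNS", "test-graylog"),),
}
CERT_NO_SAN = {"subject": ((("commonName", "test-graylog.enseva-labs.net"),),)}
CERT_FIXED = {
    "subject": ((("commonName", "test-graylog.enseva-labs.net"),),),
    "subjectAltName": (("DNS", "test-graylog.enseva-labs.net"),
                       ("IP Address", "192.0.2.10")),  # placeholder address
}


def _dns_match(pattern, host):
    """Case-insensitive match; '*' may only stand for the whole leftmost label."""
    p, h = pattern.lower().rstrip(".").split("."), host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:  # simplification: refuse patterns like '*.net'
        return p[1:] == h[1:]
    return p == h


def check_host(cert, host):
    """Return (ok, reason) for the name typed into the browser.

    Only subjectAltName is consulted; the subject commonName is ignored,
    as current Chrome does.
    """
    sans = cert.get("subjectAltName", ())
    if not sans:
        return False, "no subjectAltName extension"
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None  # not an IP literal, so compare against DNS entries
    for kind, value in sans:
        if ip is not None and kind == "IP Address" and ipaddress.ip_address(value) == ip:
            return True, "matched IP SAN " + value
        if ip is None and kind == "DNS" and _dns_match(value, host):
            return True, "matched DNS SAN " + value
    return False, "no SAN entry matches " + host
```

A certificate issued only for `test-graylog` passes when the short name is used and fails for `test-graylog.enseva-labs.net`, which is the failure seen in this thread.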


(Greg Smith) #7

@jan
Fixed :)
Thanks again jan

