Graylog3 with https (easy tutorial)

My test environment:

-Oracle Linux 7.6 (VMware 15);
-Network: NAT;
-Graylog3, MongoDB and Elastic: running together;

  • Documentation base for RPM distro.

First of all, read Docs » Configuring Graylog » Using HTTPS

0- mkdir /etc/ssl/certs/graylog/ && cd /etc/ssl/certs/graylog/
1- openssl req -x509 -days 1095 -nodes -newkey rsa:2048 -config openssl-graylog.cnf -keyout pkcs5-plain.pem -out cert.pem
2- openssl pkcs8 -in pkcs5-plain.pem -topk8 -nocrypt -out pkcs8-plain.pem
3- openssl pkcs8 -in pkcs5-plain.pem -topk8 -out pkcs8-encrypted.pem -passout pass:secret
4- openssl req -config openssl-graylog.cnf -out graylog.csr -new -newkey rsa:2048 -nodes -keyout graylog.key
5- openssl req -x509 -sha512 -nodes -days 1095 -newkey rsa:2048 -config openssl-graylog.cnf -keyout graylog.key -out graylog.crt
6- openssl req -config openssl-graylog.cnf -out graylog.csr -key graylog.key -new
7- openssl x509 -x509toreq -in graylog.crt -out graylog.csr -signkey graylog.key
8- openssl pkcs12 -export -in graylog.crt -inkey graylog.key -out keystore.pfx
9- openssl pkcs12 -in keystore.pfx -nokeys -out graylog-certificate.pem
10- openssl pkcs12 -in keystore.pfx -nocerts -out graylog-pkcs5.pem
11- openssl pkcs8 -in graylog-pkcs5.pem -topk8 -out graylog-key.pem
12- keytool -import -trustcacerts -file graylog.crt -alias server -keystore graylog_keystore.jks -storepass secret [SSL-JAVA]
13- keytool -list -v -keystore graylog_keystore.jks -alias server
14- keytool -importkeystore -srckeystore graylog_keystore.jks -destkeystore keystore.p12 -deststoretype PKCS12
15- openssl pkcs12 -in keystore.p12 -nokeys -out graylog-certificate.pem
16- openssl pkcs8 -in graylog-pkcs5.pem -topk8 -out graylog-key.pem
17- cp -a "/usr/lib/jvm/java-1.8.0-openjdk-" /etc/ssl/certs/graylog/graylog-key.jks
18- keytool -importcert -keystore graylog.jks -storepass changeit -alias graylog-self-signed -file cert.pem
19- Add “” in /etc/sysconfig/graylog-server
20- Change the HTTP publish URI to http_publish_uri = https://IP:9000/

**Don’t forget to open the service ports in the firewall and SELinux.**

Good luck :nerd_face:

Sources: [SSL] [SSL-JAVA]
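
The post uses openssl-graylog.cnf without showing it, so the following is an added example (not part of the original post or the Graylog documentation) that writes a minimal config, runs steps 1-2, and then checks that the key matches the certificate and that the certificate covers the host in http_publish_uri. The config contents, the host name graylog.example.org, the address 192.0.2.10 and the function names are assumptions; IPv6 addresses are not handled.

```bash
#!/usr/bin/env bash
# Added example: host name, IP and working directory are constructed placeholders.

# Minimal request config; subjectAltName must list what clients put in the URL.
write_cnf() {  # $1=outfile $2=DNS name $3=IPv4 address
  cat > "$1" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = $2
[v3]
subjectAltName = DNS:$2, IP:$3
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
EOF
}

# Steps 1-2 of the post: self-signed certificate, then the key as plain PKCS#8.
# Runs in a subshell with umask 077 so the private keys are owner-readable only.
make_pair() (  # $1=workdir $2=DNS name $3=IPv4 address
  umask 077
  write_cnf "$1/openssl-graylog.cnf" "$2" "$3" &&
  openssl req -x509 -days 1095 -nodes -newkey rsa:2048 \
    -config "$1/openssl-graylog.cnf" \
    -keyout "$1/pkcs5-plain.pem" -out "$1/cert.pem" 2>/dev/null &&
  openssl pkcs8 -in "$1/pkcs5-plain.pem" -topk8 -nocrypt -out "$1/pkcs8-plain.pem"
)

# True only if the key file holds the private key of the certificate.
key_matches_cert() {  # $1=certificate $2=private key
  local c k
  c=$(openssl x509 -in "$1" -noout -pubkey) || return 1
  k=$(openssl pkey -in "$2" -pubout) || return 1
  [ -n "$c" ] && [ "$c" = "$k" ]
}

# True only if the certificate is valid for the host used in http_publish_uri.
cert_covers_host() {  # $1=certificate $2=host name or IPv4 address
  local opt=-checkip
  case "$2" in *[!0-9.]*) opt=-checkhost ;; esac
  openssl x509 -in "$1" -noout "$opt" "$2" | grep -q 'does match certificate'
}
```

Source the file, run `make_pair` against an empty directory, then call the two checks on the generated files before pointing Graylog at them. Because of the umask, the files must afterwards be made readable by the account that runs graylog-server.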

