Having issues enabling HTTPS on 3.2

Been having some issues getting HTTPS working for the web interface. Using the following commands from the guide I do the following.

openssl req -x509 -days 730 -nodes -newkey rsa:2048 -config openssl-graylog.cnf -keyout pkcs5-plain.pem -out graylog.pem
openssl pkcs8 -in pkcs5-plain.pem -topk8 -nocrypt -out pkcs8-plain.pem
openssl pkcs8 -in pkcs5-plain.pem -topk8 -out pkcs8-encrypted.pem -passout pass:test
cp pkcs8-encrypted.pem /etc/graylog/server/graylog-key.pem
cp graylog.pem /etc/graylog/server/graylog-certificate.pem

Here is the pertinent section of my config.

################
# HTTPS settings
################

#### Enable HTTPS support for the HTTP interface
#
# This secures the communication with the HTTP interface with TLS to prevent request forgery and eavesdropping.
#
# Default: false
http_enable_tls = true

# The X.509 certificate chain file in PEM format to use for securing the HTTP interface.
http_tls_cert_file = /etc/graylog/server/graylog-certificate.pem

# The PKCS#8 private key file in PEM format to use for securing the HTTP interface.
http_tls_key_file = /etc/graylog/server/graylog-key.pem

# The password to unlock the private key used for securing the HTTP interface.
http_tls_key_password = test

And yet when I start the server I get the following error

2020-02-20T17:44:49.213Z INFO [InputSetupService] Triggering launching persisted inputs, node transitioned from Uninitialized [LB:DEAD] to Failed [LB:DEAD]
2020-02-20T17:44:49.215Z ERROR [InputSetupService] Not starting any inputs because lifecycle is: Failed [LB:DEAD]
2020-02-20T17:44:49.223Z INFO [PeriodicalsService] Shutting down periodical [org.graylog2.periodical.BatchedElasticSearchOutputFlushThread].
2020-02-20T17:44:49.226Z INFO [PeriodicalsService] Shutdown of periodical [org.graylog2.periodical.BatchedElasticSearchOutputFlushThread] complete, took <0ms>.
2020-02-20T17:44:49.227Z INFO [GracefulShutdownService] Running graceful shutdown for <1> shutdown hooks
2020-02-20T17:58:43.408Z INFO [GracefulShutdownService] Running graceful shutdown for <1> shutdown hooks
2020-02-20T17:58:43.413Z INFO [LogManager] Shutting down.
2020-02-20T17:58:43.414Z INFO [GracefulShutdownService] Initiate shutdown for <JobWorkerPool>
2020-02-20T17:58:43.414Z INFO [GracefulShutdownService] Finished shutdown for <JobWorkerPool>, took 0 ms
2020-02-20T17:58:43.425Z INFO [LookupDataAdapterRefreshService] Stopping 0 jobs
2020-02-20T17:58:43.428Z WARN [BufferSynchronizerService] Elasticsearch is unavailable. Not waiting to clear buffers and caches, as we have no healthy cluster.
2020-02-20T17:58:43.428Z INFO [OutputSetupService] Stopping output org.graylog2.outputs.BlockingBatchedESOutput
2020-02-20T17:58:43.449Z INFO [JournalReader] Stopping.
2020-02-20T17:58:43.474Z INFO [LogManager] Shutdown complete.

I’m not sure why I am getting this. I am sure I am being dumb though.

I also spent several hours without getting HTTPS for the web interface working, just getting errors.
Can someone please confirm HTTPS is working in 3.2.1?

yes - without any problems in my setup.

Hi, I have also spent several hours trying to get HTTPS working. I am on version 3.1.4. I just got it working by not using a secured pk8 key. This link provided the information I needed to get it working. Here are 4 lines from my log file that seemed relevant.
INFO [InputSetupService] Triggering launching persisted inputs, node transitioned from Uninitialized [LB:DEAD] to Failed [LB:DEAD]
ERROR [InputSetupService] Not starting any inputs because lifecycle is: Failed [LB:DEAD]
ERROR [ServerBootstrap] Graylog startup failed. Exiting. Exception was:
java.lang.IllegalStateException: Expected to be healthy after starting. The following services are not running: {FAILED=[JerseyService [FAILED]]}

Caused by: java.io.IOException: ObjectIdentifier() -- data isn't an object ID (tag = 48)

According to a link Jan posted in the following thread, the last message above indicates a problem with the key. Mine was 2048 bit, not 4096 as the error indicates. Exporting the key without the encryption was the solution for me.
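
Added example, not part of any post in this thread and not Graylog tooling: a pre-flight check for the key and certificate files named in the configuration above. It reports whether the key is PKCS#8 (plain or encrypted), whether the password unlocks it, and whether it belongs to the certificate. The function names and the `KEY_PASS` environment variable are assumptions of this example.

```shell
#!/bin/sh
# Added example; function names and KEY_PASS are hypothetical, not Graylog tooling.

# key_format FILE: classify a PEM private key by its first BEGIN line.
key_format() {
    first=$(tr -d '\r' < "$1" | grep -m1 '^-----BEGIN ' || true)
    case "$first" in
        '-----BEGIN PRIVATE KEY-----')           echo pkcs8-plain ;;
        '-----BEGIN ENCRYPTED PRIVATE KEY-----') echo pkcs8-encrypted ;;
        '-----BEGIN RSA PRIVATE KEY-----')       echo pkcs1 ;;
        *)                                       echo unknown ;;
    esac
}

# key_matches_cert KEY CERT: the key password, if any, is read from $KEY_PASS.
# Returns 0 = unlocks and matches, 1 = mismatch, 2 = key unreadable or wrong password, 3 = certificate unreadable.
key_matches_cert() {
    key_pub=$(KEY_PASS="${KEY_PASS:-}" openssl pkey -in "$1" -passin env:KEY_PASS -pubout 2>/dev/null) || return 2
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 3
    [ "$key_pub" = "$cert_pub" ]
}

# preflight KEY CERT: print a verdict for the files that http_tls_key_file
# and http_tls_cert_file point at.
preflight() {
    fmt=$(key_format "$1")
    echo "key container: $fmt"
    case "$fmt" in
        pkcs8-plain)     echo "no http_tls_key_password needed" ;;
        pkcs8-encrypted) echo "http_tls_key_password must hold the key password" ;;
        *)               echo "not PKCS#8 PEM, convert with: openssl pkcs8 -topk8"; return 1 ;;
    esac
    rc=0; key_matches_cert "$1" "$2" || rc=$?
    case "$rc" in
        0) echo "key unlocks and matches the certificate" ;;
        1) echo "key does not belong to this certificate" ;;
        2) echo "key could not be read with the given password" ;;
        3) echo "certificate could not be read" ;;
    esac
    return "$rc"
}

# Runs only when given arguments: KEY_PASS=... sh check.sh KEY.pem CERT.pem
if [ "$#" -ge 2 ]; then preflight "$@"; fi
```

Run it as the account the Graylog service uses, so that an unreadable key file shows up as result 2 rather than passing under root.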
