Hi,

I’ve installed GRAYLOG using the latest .ova file. Can’t seem to be able to get https to work. have certificates, which i know work as we’ve used them on other Linux Servers

In the log file i see

RROR [CmdLineTool] Invalid configuration
com.github.joschi.jadconfig.ValidationException: Unreadable or missing HTTP private key:

My server.conf looks like the following

Default: false

http_enable_tls = true

The X.509 certificate chain file in PEM format to use for securing the HTTP interface.

http_tls_cert_file = /etc/graylog/star_cert.pem

The PKCS#8 private key file in PEM format to use for securing the HTTP interface.

http_tls_key_file = /etc/graylog/star_private.pem

The password to unlock the private key used for securing the HTTP interface.

http_tls_key_password = changeit

permissions to the .pem file(s)s are as follows

-rwxrwxrwx 1 root root 2145 Jun 28 03:33 star_private.pem
-rwxrwxrwx 1 root root 2776 Jun 28 03:33 star_cert.pem

Does anyone have any advise?

Regards

TheWanKing

in what format is your key? Did you notice that you need a PKCS8 in Graylog?

Hi Jan,

Thanks for your quick response. to confirm yes, its in PKCS8 format.

Bag Attributes
Microsoft Local Key set:
localKeyID: 01 00 00 00
friendlyName: le-e62d7ae9-e8cb-40f4-85c2-0814bd67461d
Microsoft CSP Name: Microsoft RSA SChannel Cryptographic Provider
Key Attributes
X509v3 Key Usage: 10
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIfCnWLLHUySoCAggA
…
0HMJDLb9FlN3cgcz+mQUpw==
-----END ENCRYPTED PRIVATE KEY-----

Ended up building a new GRAYLOG server from scratch, this time WITHOUT the appliance (.ova). Still couldn’t get https working using the graylog conf file, however, managed to get it working using apache reverse proxy.

Check /var/log/graylog-server/server.log

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.