HTTP JSON path data adapter - private HTTPS API certification problems

Hi,

I’m having trouble using the HTTP JSON path data adapter from graylog due to HTTPS certification problems.

I’ve developed a small web service that responds to HTTPS requests with JSON values; the requests are of the form:

curl -s -G --data-urlencode 'hash=415f12a879deceb0d90b8953154a1ad80ab7fc40' https://my-private-web-service.my.internal.domain | jq
{
  "updated": true,
  "hash": "415f12a879deceb0d90b8953154a1ad80ab7fc40",
  "value": {
    "description": "interesting stuff"
  }
}

The certificate presented is a wildcard for *.my.internal.domain.

Previously I’ve installed a private Windows Active Directory CA certificate in all my managed Linux systems, and as you can see this is working perfectly with curl.


1. Steps taken

keytool -keystore /etc/pki/ca-trust/extracted/java/cacerts -list | grep -A 1 -i mydomain
mydomain-ca, Sep 29, 2021, trustedCertEntry, 
Certificate fingerprint (SHA1): SA:NI:TI:SE:DF:IN:GE:RP:RI:NT
  • added -Djavax.net.ssl.trustStore=/etc/pki/ca-trust/extracted/java/cacerts to GRAYLOG_SERVER_JAVA_OPTS in /etc/sysconfig/graylog
  • restarted the graylog-server, no errors are logged

2. My Environment:

  • CentOS 7
  • graylog 3.1

I get this in the logs when trying to manually look up the same key as in the curl example:

2021-12-14T11:58:32.326Z ERROR [HTTPJSONPathDataAdapter] HTTP request error for key <415f12a879deceb0d90b8953154a1ad80ab7fc40>
javax.net.ssl.SSLPeerUnverifiedException: Hostname my-private-web-service.my.internal.domain not verified:
    certificate: sha256/manyrandomchars
    DN: EMAILADDRESS=some-email@my.company, CN=*.my.internal.domain, O=My Company, L=MyCity, ST=MyRegion, C=MyCountry
    subjectAltNames: []

however:

ps -ef | grep -w java | grep -w graylog
graylog    3715   3698  7 11:57 ?        00:05:35 /usr/bin/java -Xms1g -Xmx1g -XX:NewRatio=1 -server -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -XX:-OmitStackTraceInFastThrow -Dlog4j2.formatMsgNoLookups=true -Djavax.net.ssl.trustStore=/etc/pki/ca-trust/extracted/java/cacerts -Djavax.net.ssl.trustStorePassword=changeit -XX:+UseParNewGC -jar -Dlog4j.configurationFile=file:///etc/graylog/server/log4j2.xml -Djava.library.path=/usr/share/graylog-server/lib/sigar -Dgraylog2.installation_source=rpm /usr/share/graylog-server/graylog.jar server -f /etc/graylog/server/server.conf -np

3. Troubleshooting

  • I looked into the documentation but found nothing regarding using the system’s trusted CA
  • Other similar data adapters work perfectly with public CA certificates, or plain HTTP

4. How can the community help?

  • explain what I’m doing wrong
  • point in the right direction

Thanks in advance
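The log line above ends with `subjectAltNames: []`, and that is the part that matters: the Java HTTP client behind the data adapter (the error text is OkHttp's) verifies the hostname only against subjectAltName dNSName entries and never falls back to the CN, which is why a CN-only wildcard certificate passes curl but fails here. The following is an added example, not code from the post or from Graylog, that reproduces that verification rule in Python on constructed certificate data mirroring the post (a hypothetical `PeerCert` record stands in for the parsed certificate):

```python
# Added example: hostname verification as Java clients such as OkHttp apply it.
# Only subjectAltName dNSName entries are consulted; the subject CN is ignored.
from dataclasses import dataclass, field


@dataclass
class PeerCert:
    """Hypothetical stand-in for a parsed certificate (constructed, not real)."""
    cn: str                                       # subject CN, e.g. "*.my.internal.domain"
    san_dns: list = field(default_factory=list)   # subjectAltName dNSName entries


def _matches_pattern(hostname: str, pattern: str) -> bool:
    hostname = hostname.lower().rstrip(".")
    pattern = pattern.lower().rstrip(".")
    if "*" not in pattern:
        return hostname == pattern
    # Wildcard rules: the '*' must be the entire leftmost label, a wildcard
    # sitting directly over a TLD ("*.com") is refused, and it matches one label.
    if not pattern.startswith("*.") or "*" in pattern[1:]:
        return False
    suffix = pattern[1:]                          # ".my.internal.domain"
    if suffix.count(".") < 2:
        return False
    if not hostname.endswith(suffix):
        return False
    leftmost = hostname[: -len(suffix)]
    return bool(leftmost) and "." not in leftmost


def verify_hostname(hostname: str, cert: PeerCert) -> bool:
    """True only if some SAN dNSName matches; the CN is never consulted."""
    return any(_matches_pattern(hostname, san) for san in cert.san_dns)


def diagnose(hostname: str, cert: PeerCert) -> str:
    if verify_hostname(hostname, cert):
        return "verified via subjectAltName"
    if not cert.san_dns:
        return (f"not verified: no subjectAltName dNSName entries (CN={cert.cn} "
                f"is ignored); reissue the certificate with SAN DNS:{cert.cn}")
    return f"not verified: no SAN dNSName matches {hostname}"


# Constructed samples mirroring the post: a CN-only wildcard, then a fixed one.
HOST = "my-private-web-service.my.internal.domain"
CN_ONLY = PeerCert(cn="*.my.internal.domain", san_dns=[])
WITH_SAN = PeerCert(cn="*.my.internal.domain", san_dns=["*.my.internal.domain"])

if __name__ == "__main__":
    print(diagnose(HOST, CN_ONLY))    # not verified: no subjectAltName ...
    print(diagnose(HOST, WITH_SAN))   # verified via subjectAltName
```

The practical fix this points at is reissuing the service certificate from the internal CA with a subjectAltName that covers the hostname; adding the CA to the Java truststore, which the post already did, does not change the hostname check.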

Hello,

A couple of things to check.

Does graylog have access to your keystore?

sudo chown graylog:graylog

Are certificate/s in the right format for Graylog and are the correct certificates installed in the keystore?

https://docs.graylog.org/v1/docs/https
https://docs.graylog.org/v1/docs/sec-adcs-certificates

EDIT: I would also check your /etc/hosts file (i.e. 8.8.8.8 graylog.domain.com) and, if you're running a DNS server, make sure the reverse lookup (PTR) is correct.
