HTTPS Certificate not working since Update to 2.3


(Steffen) #1

Hi all,

today I’ve upgraded my OVA from 2.1 to the newest version 2.3.
I got a lot of issues after that; most of them I resolved by reading some posts here in the community.
I am glad that I was not the only one with issues regarding the search in all messages, chef client errors, site down and so on. :smiley:

However, since I’ve upgraded the OVA, my https certificate is not working anymore. I tried different things but I can’t solve that issue atm.

When I check my config I wondered why there were some configurations missing ?!?!?!
I have no entries in /opt/graylog/server/graylog.conf like e.g.

```
web_enable_tls = true
web_tls_cert_file = /path/to/graylog-certificate.pem
web_tls_key_file = /path/to/graylog-key.pem
```

Is the new version running differently? They are missing in my config, but why? Can I solve this if I add them manually?

I need to add that I had to uninstall the graylog as service before upgrading the OVA.
Someone installed the graylog on the OVA - therefore the update was at first not possible.

Thanks in advance!

BR
Steffen


(Scampuza) #2

Hi !

According to the official documentation, http://docs.graylog.org/en/2.3/pages/configuration/https.html?highlight=TLS,
this has not changed at all.

```
# Enable HTTPS support for the REST API. This secures the communication with the REST API
# using TLS to prevent request forgery and eavesdropping.
rest_enable_tls = true

# The X.509 certificate chain file in PEM format to use for securing the REST API.
rest_tls_cert_file = /path/to/graylog-certificate.pem

# The PKCS#8 private key file in PEM format to use for securing the REST API.
rest_tls_key_file = /path/to/graylog-key.pem

# The password to unlock the private key used for securing the REST API.
rest_tls_key_password = secret

# Enable HTTPS support for the web interface. This secures the communication with the web interface
# using TLS to prevent request forgery and eavesdropping.
web_enable_tls = true

# The X.509 certificate chain file in PEM format to use for securing the web interface.
web_tls_cert_file = /path/to/graylog-certificate.pem

# The PKCS#8 private key file in PEM format to use for securing the web interface.
web_tls_key_file = /path/to/graylog-key.pem

# The password to unlock the private key used for securing the web interface.
web_tls_key_password = secret
```
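
A quick way to confirm which of the TLS settings quoted above are actually present in a graylog.conf and whether the referenced files have the expected PEM types. This is an added example, not part of the original post or Graylog's own code; the function names are hypothetical, and it inspects PEM labels only (it does not verify that the key matches the certificate).

```python
import re
import sys
from pathlib import Path

# PKCS#8 PEM labels. "RSA PRIVATE KEY" is PKCS#1, not the PKCS#8 format
# the config comments call for.
PKCS8_LABELS = {"PRIVATE KEY", "ENCRYPTED PRIVATE KEY"}
PEM_LABEL = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")

def parse_conf(text):
    """Parse 'key = value' lines, skipping blanks and '#' comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def pem_labels(path):
    """Return the PEM block labels in a file (empty list if unreadable)."""
    try:
        return PEM_LABEL.findall(Path(path).read_text(errors="replace"))
    except OSError:
        return []

def check_tls(conf_text, prefixes=("rest", "web")):
    """Return a list of problems with the rest_/web_ TLS settings."""
    conf, problems = parse_conf(conf_text), []
    for p in prefixes:
        # A missing *_enable_tls entry is treated the same as a disabled one.
        if conf.get(f"{p}_enable_tls", "").lower() != "true":
            problems.append(f"{p}_enable_tls is not true")
            continue
        cert = pem_labels(conf.get(f"{p}_tls_cert_file", ""))
        key = pem_labels(conf.get(f"{p}_tls_key_file", ""))
        if "CERTIFICATE" not in cert:
            problems.append(f"{p}_tls_cert_file: no PEM certificate found")
        if not key:
            problems.append(f"{p}_tls_key_file: no PEM key found")
        elif key[0] not in PKCS8_LABELS:
            problems.append(f"{p}_tls_key_file: '{key[0]}' is not PKCS#8")
        elif key[0] == "ENCRYPTED PRIVATE KEY" and not conf.get(f"{p}_tls_key_password"):
            problems.append(f"{p}_tls_key_password missing for encrypted key")
    return problems

if __name__ == "__main__" and len(sys.argv) > 1:
    # Usage: python check_tls.py /opt/graylog/server/graylog.conf
    print("\n".join(check_tls(Path(sys.argv[1]).read_text())) or "no problems found")
```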

(Bill Murrin) #3

I checked the source code and see the settings in the graylog.conf for the 2.3.0 branch.


(Steffen) #4

Hi,

thank you, I wondered if they changed something in the graylog.conf.

I now added the entries for the web certificate manually but it does not work for me :confused:
If I run a
```
graylog-ctl reconfigure
```
the manually added entries disappear oO

I have no idea how to get this issue solved…


(Steffen) #5

Hi,
thank you!
I wonder why the entries are missing in my graylog.config
If I add something manually it disappears after I run a graylog-ctl reconfigure :(


(Jochen) #6

If you’re using the OVA (or AMI), you’re not supposed to edit anything manually but you have to use the graylog-ctl utility instead.

See http://docs.graylog.org/en/2.3/pages/configuration/graylog_ctl.html#install-custom-ssl-certificates for how to install custom certificates on the OVA.


(Steffen) #7

That's it! Thank you again Jochen :slight_smile:

