HTTPS GrayLog Issue version 3.3.1

Graylog Central (peer support)
1

Greetings Team,

i am trying to setup graylog 3.3.1 using https but having difficulties/NO-Luck,

below is my configuration, need your support to resolve this…

File: openssl-graylog.cnf
[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no

Details about the issuer of the certificate

[req_distinguished_name]
C = AE
ST = Abu-Dhabi
L = Abu-Dhabi
O = xxxxx
OU = Network-Security
CN = netopps.xxxxx.net

[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

IP addresses and DNS names the certificate should include

Use IP.### for IP addresses and DNS.### for DNS names,

with “###” being a consecutive number.

[alt_names]
IP.1 = 100.xxx.xxx.xxx
DNS.1 = netopps.xxxx.net

below certificate file and key has been created…

  1. pkcs5-plain.pem
  2. cert.pem
  3. pkcs8-plain.pem
  4. pkcs8-encrypted.pem
2

below is the configuration of HTTPS

################

HTTPS settings

################

Enable HTTPS support for the HTTP interface

This secures the communication with the HTTP interface with TLS to prevent request forgery and eavesdropping.

Default: false

http_enable_tls = true

The X.509 certificate chain file in PEM format to use for securing the HTTP interface.

http_tls_cert_file = /certs/cert.pem

The PKCS#8 private key file in PEM format to use for securing the HTTP interface.

http_tls_key_file = /certs/pkcs8-plain.pem

The password to unlock the private key used for securing the HTTP interface.

http_tls_key_password = xxxxxxxx
http_publish_uri = https://1xx.xxx.xxx.xxx:9000/

/etc/default/graylog-server file :-

Path to the java executable.

JAVA=/usr/bin/java

Default Java options for heap and garbage collection.

GRAYLOG_SERVER_JAVA_OPTS="-Xms1g -Xmx1g -XX:NewRatio=1 -server -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -XX:-OmitStackTraceInFastThrow -Djavax.net.ssl.trustStore=/certs/cacerts.jks -Djavax.net.ssl.trustStorePassword=XXXXX"

Pass some extra args to graylog-server. (i.e. “-d” to enable debug mode)

GRAYLOG_SERVER_ARGS=""

Program that will be used to wrap the graylog-server command. Useful to

support programs like authbind.

GRAYLOG_COMMAND_WRAPPER=""

getting an error secure connection failed…

3

and what error did you get when starting Graylog in your Graylog server.conf?

btw. your post would be more readable if you make your code block correct.

4

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.