HTTPS GrayLog Issue version 3.3.1

Greetings Team,

i am trying to setup graylog 3.3.1 using https but having difficulties/NO-Luck,

below is my configuration, need your support to resolve this…

File: openssl-graylog.cnf
[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no

Details about the issuer of the certificate

[req_distinguished_name]
C = AE
ST = Abu-Dhabi
L = Abu-Dhabi
O = xxxxx
OU = Network-Security
CN = netopps.xxxxx.net

[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

IP addresses and DNS names the certificate should include

Use IP.### for IP addresses and DNS.### for DNS names,

with “###” being a consecutive number.

[alt_names]
IP.1 = 100.xxx.xxx.xxx
DNS.1 = netopps.xxxx.net

below certificate file and key has been created…

  1. pkcs5-plain.pem
  2. cert.pem
  3. pkcs8-plain.pem
  4. pkcs8-encrypted.pem

below is the configuration of HTTPS

################

HTTPS settings

################

Enable HTTPS support for the HTTP interface

This secures the communication with the HTTP interface with TLS to prevent request forgery and eavesdropping.

Default: false

http_enable_tls = true

The X.509 certificate chain file in PEM format to use for securing the HTTP interface.

http_tls_cert_file = /certs/cert.pem

The PKCS#8 private key file in PEM format to use for securing the HTTP interface.

http_tls_key_file = /certs/pkcs8-plain.pem

The password to unlock the private key used for securing the HTTP interface.

http_tls_key_password = xxxxxxxx
http_publish_uri = https://1xx.xxx.xxx.xxx:9000/

/etc/default/graylog-server file :-

Path to the java executable.

JAVA=/usr/bin/java

Default Java options for heap and garbage collection.

GRAYLOG_SERVER_JAVA_OPTS="-Xms1g -Xmx1g -XX:NewRatio=1 -server -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -XX:-OmitStackTraceInFastThrow -Djavax.net.ssl.trustStore=/certs/cacerts.jks -Djavax.net.ssl.trustStorePassword=XXXXX"

Pass some extra args to graylog-server. (i.e. “-d” to enable debug mode)

GRAYLOG_SERVER_ARGS=""

Program that will be used to wrap the graylog-server command. Useful to

support programs like authbind.

GRAYLOG_COMMAND_WRAPPER=""

getting an error secure connection failed…

and what error did you get when starting Graylog in your Graylog server.conf?

btw. your post would be more readable if you make your code block correct.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.