onkargl007
(Onkar Nath Singh)
1
Greetings Team,
I am trying to set up Graylog 3.3.1 using HTTPS but am having difficulties/no luck.
Below is my configuration; I need your support to resolve this…
File: openssl-graylog.cnf
```
[req]
distinguished_name = req_distinguished_name
x509_extensions = v3_req
prompt = no

# Details about the issuer of the certificate
[req_distinguished_name]
C = AE
ST = Abu-Dhabi
L = Abu-Dhabi
O = xxxxx
OU = Network-Security
CN = netopps.xxxxx.net

[v3_req]
keyUsage = keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

# IP addresses and DNS names the certificate should include
# Use IP.### for IP addresses and DNS.### for DNS names,
# with "###" being a consecutive number.
[alt_names]
IP.1 = 100.xxx.xxx.xxx
DNS.1 = netopps.xxxx.net
```
The certificate and key files below have been created…
- pkcs5-plain.pem
- cert.pem
- pkcs8-plain.pem
- pkcs8-encrypted.pem
onkargl007
(Onkar Nath Singh)
2
Below is the configuration of HTTPS:
```
################
# HTTPS settings
################

# Enable HTTPS support for the HTTP interface
# This secures the communication with the HTTP interface with TLS to prevent request forgery and eavesdropping.
# Default: false
http_enable_tls = true

# The X.509 certificate chain file in PEM format to use for securing the HTTP interface.
http_tls_cert_file = /certs/cert.pem

# The PKCS#8 private key file in PEM format to use for securing the HTTP interface.
http_tls_key_file = /certs/pkcs8-plain.pem

# The password to unlock the private key used for securing the HTTP interface.
http_tls_key_password = xxxxxxxx

http_publish_uri = https://1xx.xxx.xxx.xxx:9000/
```
/etc/default/graylog-server file:
```
# Path to the java executable.
JAVA=/usr/bin/java

# Default Java options for heap and garbage collection.
GRAYLOG_SERVER_JAVA_OPTS="-Xms1g -Xmx1g -XX:NewRatio=1 -server -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -XX:-OmitStackTraceInFastThrow -Djavax.net.ssl.trustStore=/certs/cacerts.jks -Djavax.net.ssl.trustStorePassword=XXXXX"

# Pass some extra args to graylog-server. (i.e. "-d" to enable debug mode)
GRAYLOG_SERVER_ARGS=""

# Program that will be used to wrap the graylog-server command. Useful to
# support programs like authbind.
GRAYLOG_COMMAND_WRAPPER=""
```
I am getting an error: secure connection failed…
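An added example, not part of the original post and not Graylog's own code: a Python check that the TLS settings in a `server.conf` agree with the PEM files they point to (the key file carries a PKCS#8 label, the password setting matches whether the key is encrypted, and the publish URI uses https). The function names and finding texts are assumptions made for this example; the PEM labels are the standard ones from RFC 7468.

```python
import re
from urllib.parse import urlparse

PKCS8_PLAIN = "PRIVATE KEY"                # RFC 7468 label, unencrypted PKCS#8
PKCS8_ENCRYPTED = "ENCRYPTED PRIVATE KEY"  # RFC 7468 label, encrypted PKCS#8

def parse_conf(text):
    """Parse 'key = value' lines, skipping blanks and '#' comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def pem_label(pem_text):
    """Return the label of the first PEM block, or None if there is none."""
    match = re.search(r"-----BEGIN ([A-Z0-9 ]+)-----", pem_text)
    return match.group(1) if match else None

def read_path(path):
    with open(path, encoding="ascii", errors="replace") as handle:
        return handle.read()

def check_tls_settings(conf_text, read_file=read_path):
    """Return findings (empty list = consistent). read_file(path) -> str."""
    conf = parse_conf(conf_text)
    if conf.get("http_enable_tls", "false").lower() != "true":
        return ["http_enable_tls is not true"]
    for name in ("http_tls_cert_file", "http_tls_key_file"):
        if name not in conf:
            return [f"{name} is not set"]
    findings = []
    key_label = pem_label(read_file(conf["http_tls_key_file"]))
    password = conf.get("http_tls_key_password", "")
    if key_label not in (PKCS8_PLAIN, PKCS8_ENCRYPTED):
        findings.append(f"key file label is {key_label!r}, not PKCS#8")
    elif key_label == PKCS8_ENCRYPTED and not password:
        findings.append("encrypted key but http_tls_key_password is empty")
    elif key_label == PKCS8_PLAIN and password:
        findings.append("http_tls_key_password set but key is unencrypted")
    if pem_label(read_file(conf["http_tls_cert_file"])) != "CERTIFICATE":
        findings.append("http_tls_cert_file does not start with a certificate")
    if urlparse(conf.get("http_publish_uri", "")).scheme != "https":
        findings.append("http_publish_uri is not an https URI")
    return findings
```

Run it as `check_tls_settings(open("/etc/graylog/server/server.conf").read())` (path assumed) on the Graylog host; each finding is an inconsistency to review, not a confirmed cause of a failed connection.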
jan
(Jan Doberstein)
3
And what error did you get when starting Graylog in your Graylog server.conf?
Btw, your post would be more readable if you make your code block correct.