Https problem on Graylog 3.0

(Alessio Dapelo) #1

Good morning everyone,
I have this problem in using and configuring the certificate for the SSL protocol installed on my appliance.
I should mention that I installed Graylog starting from the OVA image 3.0-12.
I copied the graylog.crt and graylog.key files from my old appliance, version 2.4.5, and configured my server.conf file as follows:

```
#### Enable HTTPS support for the HTTP interface
#
# Secures the communication with the HTTP interface with TLS to prevent request forgery and eavesdropping.
#
# Default: false
http_enable_tls = true

# The X.509 certificate chain file in PEM format to use for securing the HTTP interface.
http_tls_cert_file = /etc/graylog/crt/graylog.crt

# The PKCS#8 private key file in PEM format to use for securing the HTTP interface.
http_tls_key_file = /etc/graylog/crt/graylog.key

# The password to unlock the private key used for securing the HTTP interface.
#http_tls_key_password = secret
```

The problem I find is that I access my Web GUI without problems at the IP address https://IpAddress:9000, but if I try to access the node I get an error message “error getting data” and it indicates that “system information is currently unavailable”.
At the moment I’m using my installation with an IP address different from the one of the previous installation.

Can you give me some advice and help me solve my problem?
Thanks in advance for the time spent

0 Likes

(Ben van Staveren) #2

Please edit your post and format the server.conf with the </> button on the editor, otherwise it looks … unintelligible.

0 Likes

(Alessio Dapelo) #3

Ok, sorry
Post edited

1 Like

(Ben van Staveren) #4

Thanks!

It looks like you are using self-signed certificates, so most likely you will have to add the CA that issued them to your browsers’ trust store, otherwise it won’t accept them. Also the Common Name in the certificate must match the name of the node.

Other than that I have no ideas :frowning:

0 Likes

(Alessio Dapelo) #5

OK, I think I understand what the problem is.
I used a certificate from an old installation of mine; the name of the node was different, so I think I need to make a new certificate and I need to figure out how to make it trust my browser. Now I have to look for a correct procedure to do it; following the one in the official documentation, I did not succeed.
Thanks for your comment.

0 Likes

(Alessio Dapelo) #6

I don’t understand why the certificate and the configuration are not present in the new version of the Graylog OVA 3.0 as they were in the past version (in version 2.4.5, for example).

0 Likes

(Lindon Morris) #7

FYI, the name of the node isn’t relevant; what is relevant is that the name that clients (and remember the Graylog server itself is often a client) use needs to match the name on the certificate, and the clients all need to trust the issuer of the certificate.

Best to avoid using an IP to connect. Get yourself a cert with (for example) graylog.internal.domain.com and then make sure to always use that full name to connect, and in any config files. You’ll need a DNS entry for that name, of course.

0 Likes
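The name-matching and trust points from the last reply can be checked with `openssl` before the files are referenced in server.conf. This is an added example, not part of the thread or of Graylog: the function names are hypothetical, the host name is the example one from post #7, and a self-signed certificate stands in for one issued by your own CA.

```shell
# Added example, not from the thread. GRAYLOG_FQDN is the example name from
# post #7; the function names are hypothetical. Needs OpenSSL 1.1.1 or later.
GRAYLOG_FQDN="graylog.internal.domain.com"

# make_cert DIR FQDN
# Writes DIR/graylog.crt (self-signed, FQDN in CN and subjectAltName) and
# DIR/graylog.key (unencrypted PKCS#8 PEM, the format http_tls_key_file names).
make_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=$2" -addext "subjectAltName=DNS:$2" \
    -keyout "$1/graylog.key.tmp" -out "$1/graylog.crt" 2>/dev/null || return 1
  # Convert explicitly so the key is PKCS#8 regardless of the OpenSSL default.
  openssl pkcs8 -topk8 -nocrypt -in "$1/graylog.key.tmp" \
    -out "$1/graylog.key" || return 1
  chmod 600 "$1/graylog.key"
  rm -f "$1/graylog.key.tmp"
}

# cert_matches CERT NAME
# Succeeds only if NAME (the host name or IP a client types) is covered by
# the certificate. Dotted-numeric input is checked as an IP address.
cert_matches() {
  case "$2" in
    *[!0-9.]*) cm_flag=-checkhost ;;
    *)         cm_flag=-checkip ;;
  esac
  openssl x509 -in "$1" -noout "$cm_flag" "$2" | grep -q "does match"
}

# cert_trusted CERT CAFILE
# Succeeds only if CERT chains to a certificate in CAFILE, which is what a
# client's trust store has to contain.
cert_trusted() {
  openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}
```

After sourcing the file, `cert_matches /etc/graylog/crt/graylog.crt "$GRAYLOG_FQDN"` shows whether the installed certificate covers the name used in the URL. A certificate copied from another appliance fails this check for the new host's name or IP address.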