HTTPS signature check failed

Hi All,

I am trying to set up SSL/TLS in Graylog by using the following documentation:

However, I am getting the following error response and I am unable to proceed further.

2021-03-29T14:49:36.164-05:00 WARN [ProxiedResource] Unable to call https ://192.168.255.238:9000/api/system/metrics/multiple on node <7449abff-806f-471a-84cd-adce278c59d8>: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed

I am using Ubuntu 18.04 + Graylog 4.0.5 + Nginx 1.14.0, and I have added the self-signed certificate (cert.pem) to the keystore. I used the command below to verify that the certificate is added.

root@graylog:/etc/ssl/certs/graylog# keytool -keystore cacerts.jks -storepass changeit -list
graylog-self-signed, Mar 29, 2021, trustedCertEntry,
Certificate fingerprint (SHA1): FD:41:B5:7D:5A:9A:11:EE:93:88:FE:C0:10:89:12:8B:B5:D2:D8:F6

Further, I have added the new JVM truststore to the Graylog JAVAOPTS variable in /etc/default/graylog-server.

Please correct me if I am doing anything wrong and share your thoughts.

Regards,
Tomás

@tgabutti
Hello,

There could be several reasons why Graylog is complaining about your certificates. A couple that come to mind: Are the proper certificates being used? Can Graylog access the keystore? Was the correct certificate inserted in the keystore? Is the Graylog server.conf file configured correctly?

As a troubleshooting tip, have you tried not using Nginx as a reverse proxy and just running Graylog with HTTPS? The reason I ask is that someone else had a similar issue, and it ended up being his Nginx configuration causing problems.

As you can see, there are many topics on HTTPS and TCP/TLS in the forum.
https://community.graylog.org/search?q=https

Hope this helps.
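
One way to check the "was the correct certificate inserted in the keystore?" question from the reply above, as an added example that is not part of the original posts: compare the fingerprint of the certificate a listener actually presents with the entries that `keytool -list` reports. The function names are hypothetical; the sample keytool output is the one quoted in the question.

```python
import hashlib
import re
import ssl

# Sample input: the `keytool -list` output quoted in the question.
KEYTOOL_LIST = """\
graylog-self-signed, Mar 29, 2021, trustedCertEntry,
Certificate fingerprint (SHA1): FD:41:B5:7D:5A:9A:11:EE:93:88:FE:C0:10:89:12:8B:B5:D2:D8:F6
"""

def parse_keytool_list(output):
    """Map each alias in `keytool -list` output to (algorithm, fingerprint)."""
    entries, alias = {}, None
    for line in output.splitlines():
        head = re.match(r"^([^,]+), .*(?:trustedCertEntry|PrivateKeyEntry)", line)
        fp = re.match(r"^Certificate fingerprint \(([\w-]+)\): ([0-9A-F:]+)", line.strip())
        if head:
            alias = head.group(1).strip()
        elif fp and alias:
            entries[alias] = (fp.group(1), fp.group(2))
            alias = None
    return entries

def pem_fingerprint(pem_text, algo="sha1"):
    """Fingerprint of a PEM certificate in keytool's AA:BB:... notation."""
    der = ssl.PEM_cert_to_DER_cert(pem_text)
    digest = hashlib.new(algo, der).digest()
    return ":".join(f"{b:02X}" for b in digest)

def trusted_aliases(pem_text, keytool_output):
    """Aliases whose stored fingerprint equals that of pem_text."""
    hits = []
    for alias, (algo, fp) in parse_keytool_list(keytool_output).items():
        # keytool prints "SHA1" or "SHA-256"; hashlib expects "sha1" / "sha256".
        if pem_fingerprint(pem_text, algo.replace("-", "").lower()) == fp:
            hits.append(alias)
    return hits

def served_certificate(host, port):
    """PEM of the leaf certificate the listener presents (needs network access)."""
    return ssl.get_server_certificate((host, port))
```

Calling `trusted_aliases(served_certificate("192.168.255.238", 9000), keytool_output)` on the Graylog host returns an empty list when the certificate presented on that port is not the one stored in the truststore, which is the case when Nginx and Graylog are configured with different certificates.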

Hi @gsmith,

Thank you for your response. I will try accessing Graylog without passing through nginx.

Regards Tomás.
