Java - certification issue

(David Papay) #1

Our Graylog is running behind a load balancer on two nodes.
The trusted certificate we bought is linked to the Loadbalancer's hostname/IP.
The certificate was imported on the Loadbalancer and both Graylog nodes.
The HTTPS connection works well (thanks to web_endpoint_uri=https://Loadbalancer:9000/api), but due to some Java issues inputs don't work in Graylog.
I imported the plain-text certificate into the JVM trust store (cacerts file), and also set Graylog to use this:
But Graylog still doesn't work correctly:

2017-05-30T12:08:18.946+02:00 WARN [ProxiedResource] Unable to call https://FirstNodeHostname:9000/api/system/inputstates on node Hostname FirstNodeHostname not verified:

2017-05-30T12:23:49.920+02:00 WARN [ProxiedResource] Unable to call https://FirstNodeHostname:9000/api/system/metrics/multiple on node Hostname FirstNodeHostname not verified:

The same also for SecondNodeHostname

Can you help me solve this problem, please?
Thanks in advance.

(Jan Doberstein) #2

Your certificate in Graylog is not valid, because you have one for Loadbalancer (as you have written) and not for FirstNodeHostname. That is the reason the cert is not able to be verified.

(David Papay) #3

Thanks for the information, Jan, I thought so.
If we buy one certificate which will contain a Common Name (the Loadbalancer's hostname) and two Subject Alternative Names (SANs) (both Graylog hostnames), will it work correctly, please?

(Jan Doberstein) #4

That should work, yes.
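
One way to check a certificate layout like the one discussed in this thread before ordering it, as an added example (not part of the original posts and not Graylog's own code). It builds throwaway self-signed certificates with OpenSSL 1.1.1+ and tests each hostname; the helper names are hypothetical and the hostnames are the thread's placeholders. The third layout also lists the load balancer as a SAN, because OpenSSL, like verifiers that follow RFC 6125, ignores the CN once DNS SANs are present.

```shell
#!/bin/sh
# Constructed example: throwaway self-signed certificates, placeholder
# hostnames taken from the thread. Requires OpenSSL 1.1.1+ (for -addext).

# make_cert OUT_PEM CN SAN_LIST: write a self-signed test certificate
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$1.key" -out "$1" \
        -subj "/CN=$2" -addext "subjectAltName=$3" 2>/dev/null
}

# covers PEM HOST: exit 0 if the certificate is valid for HOST
covers() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q "does match"
}

# report PEM: print one line per hostname, return the number not covered
report() {
    missing=0
    for h in Loadbalancer FirstNodeHostname SecondNodeHostname; do
        if covers "$1" "$h"; then
            echo "  ok      $h"
        else
            echo "  MISSING $h"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

# lb:   certificate issued for the load balancer name only
# plan: CN = load balancer, SANs = the two node names
# all:  all three names listed as SANs
make_cert "$tmp/lb.pem"   Loadbalancer "DNS:Loadbalancer"
make_cert "$tmp/plan.pem" Loadbalancer "DNS:FirstNodeHostname,DNS:SecondNodeHostname"
make_cert "$tmp/all.pem"  Loadbalancer \
    "DNS:Loadbalancer,DNS:FirstNodeHostname,DNS:SecondNodeHostname"

for c in lb plan all; do
    echo "$c:"
    report "$tmp/$c.pem" || true
done
```

To inspect a real certificate file the same way, call `report` on its PEM path.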
