Need a little help with the documentation


(Graeme Lockett) #1

Hi,

I am following this document http://docs.graylog.org/en/2.4/pages/configuration/https.html

At step "Converting a PKCS #12 (PFX) file to private key and certificate pair" it mentions converting keystore.pfx to graylog-certificate.pem.

I am just wondering where this keystore.pfx file came from; it was not created in any of the previous steps.

I am clearly missing the obvious, can you help me out?

Thanks

Graeme


(Jan Doberstein) #2

Hey @devlin7

The mentioned site is not a step-by-step guide. This site includes every step that might be needed. If no conversion is needed, do not do this.

What is your current state? At what point are you stuck?

Jan


(Graeme Lockett) #3

Hi Jan,

Thanks for the reply.

Normally we would generate a CSR file from the server needing the certificate, including SAN info.
I would then generate the certificate against our certificate authority and then install the certificate on the server. I must be honest I was totally lost following the documentation.

I get that all parts of Graylog must run https for it to work and that there may need to be different cert files for each component. I have applied a lot of certs to servers before but never seen anything like this before. I am not complaining, always good to learn new things.

Regards

G


(Jan Doberstein) #4

Hey @devlin7

You are right - the documentation is not really useful from the first user perspective. We are working on this and it will improve over time.

REST API and Webinterface should use the same certificate, and your own CA might need to be added to the JVM Keystore so that Graylog can verify the connection.


(Graeme Lockett) #5

The java keytool is not present on the ova appliance, what should it be?

The program ‘keytool’ can be found in the following packages:

  • gcj-4.8-jre-headless
  • openjdk-7-jre-headless
  • gcj-4.6-jre-headless
  • openjdk-6-jre-headless
    Try: sudo apt-get install

I have all the certs in the required formats, I just don’t know what to do with them. I only want a certificate on the logon page so our logons aren’t clear text.

Regards

Graeme


(Jan Doberstein) #6

all possible customizations with the OVA are given in the documentation: graylog-ctl

For your own certificate, just follow: http://docs.graylog.org/en/2.4/pages/configuration/graylog_ctl.html#install-custom-ssl-certificates


(Graeme Lockett) #7

Hi Jan.

Thanks for your help. I found this documentation earlier today. I changed the graylog.crt file and graylog.key earlier today and then got caught up on something else. I just restarted nginx and it is all working beautifully. Many thanks for your help.

Regards

G
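
Before a CA-issued certificate replaces graylog.crt and graylog.key as in this thread, it is worth confirming that the key belongs to the certificate, that the SAN covers the host name, and that the certificate has not expired. The script below is an added example, not part of the thread or the Graylog documentation; the function names and the host name in the usage line are assumptions, it expects an unencrypted PEM key, and `make_demo_pair` only builds a throwaway self-signed pair (constructed test data) for trying the checks out.

```shell
#!/bin/sh
# Added example: pre-flight checks for a PEM certificate/key pair.
# Usage (paths and host are the caller's): sh preflight.sh CERT KEY HOSTNAME

# Succeeds only if the public key in the certificate equals the one derived
# from the private key. Empty output (missing or unreadable file) never matches.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only if the certificate lists DNS:<host> in its SAN extension.
# The match is exact, so a similar-looking or longer name does not pass.
cert_has_san() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -A1 'Subject Alternative Name' |
        tr ',' '\n' | tr -d ' ' | grep -qxF "DNS:$2"
}

# Runs all checks and reports the first one that fails.
preflight() {
    cert_matches_key "$1" "$2" ||
        { echo "FAIL: private key does not match certificate"; return 1; }
    cert_has_san "$1" "$3" ||
        { echo "FAIL: certificate has no SAN entry DNS:$3"; return 1; }
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "FAIL: certificate is expired or unreadable"; return 1; }
    echo "OK: $1 and $2 form a matching, unexpired pair for $3"
}

# Constructed test data: writes <prefix>.key and <prefix>.crt, a throwaway
# self-signed pair with one SAN entry. Never deploy this pair.
make_demo_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$1.key" -out "$1.crt" -subj "/CN=$2" \
        -addext "subjectAltName=DNS:$2" >/dev/null 2>&1
}

# Run the checks when called with CERT KEY HOSTNAME.
if [ "$#" -eq 3 ]; then
    preflight "$@"
fi
```

A failing check here means the web server would either refuse to start or present a certificate that browsers reject for the host name, so run it before restarting nginx.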

