Hello fellows,
I’m trying to install a centralized logging server and ran into Graylog, which offered everything I need. For now I installed the Virtual Appliance on a VMware infrastructure, configured OS settings and wanted to install a self-signed certificate as described in the following article, so that the logs won’t be sent in plain text and also to enable HTTPS: http://docs.graylog.org/en/2.2/pages/configuration/https.html
I generated a certificate and deployed it in the exported cacerts.jks under /etc/graylog/cert. The fingerprint was also identical when I verified the cacerts.jks file.
The problem I’m having is that I don’t know how to go further. The article says that I have to start the JVM with the parameters for the new cacerts.jks path and also the new password for this trust store, but I can’t find any information on how to start the JVM. Maybe it’s because I didn’t read correctly or because I’m not so familiar with Linux.
I’d appreciate some help and maybe some tips for further deployment.
Thank you for your response. I’ve taken a look at the documentation again and noticed that I skipped a paragraph. I found the Graylog configuration file, but noticed that the following lines were missing (as described in the documentation)
The API lines were there though. I just added the missing lines with the correct paths and passwords, restarted all services, reconfigured Graylog via the graylog-ctl script, but somehow my self-signed certificate won’t apply. It is still the standard certificate provided in the OVA.
Is there another way to apply my self-signed certificate? Am I missing something again?
I used another browser to be sure that it’s not cache related.
Thank you very much for your help, I figured it out. I had to convert my certificate and keyfile into the right format and then copy it into /opt/graylog/conf/nginx/ca. After that the nginx service just had to be restarted with the graylog-ctl script.
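
Added example, not part of the original posts or of Graylog's documentation: a shell pre-flight check for the step described in the last post, reporting how a certificate and key file are encoded before they are copied to /opt/graylog/conf/nginx/ca. It assumes the "right format" was a PEM certificate with an unencrypted PEM key, which nginx reads without extra configuration (the post does not say which format was needed); function and file names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: classify certificate/key files by their PEM armor line.
# Assumption: the target web server wants a PEM certificate and an
# unencrypted PEM private key.

# Print one of: pem-cert, pem-key, pem-key-encrypted, not-pem, unreadable.
# DER, PKCS#12 and JKS files are binary and are reported as not-pem.
classify_tls_file() {
    local f="$1" first
    [ -r "$f" ] || { echo "unreadable"; return 0; }
    # First PEM armor line, if any (-a: treat binary input as text).
    first=$(grep -a -m1 -e '^-----BEGIN [A-Z0-9 ]*-----' "$f" | tr -d '\r' || true)
    case "$first" in
        "-----BEGIN CERTIFICATE-----")
            echo "pem-cert" ;;
        "-----BEGIN ENCRYPTED PRIVATE KEY-----")
            echo "pem-key-encrypted" ;;
        "-----BEGIN PRIVATE KEY-----"|"-----BEGIN RSA PRIVATE KEY-----"|"-----BEGIN EC PRIVATE KEY-----")
            # Legacy OpenSSL encryption keeps the plain label and adds a header.
            if grep -aq '^Proc-Type: 4,ENCRYPTED' "$f"; then
                echo "pem-key-encrypted"
            else
                echo "pem-key"
            fi ;;
        *)
            echo "not-pem" ;;
    esac
}

# Succeed only when the pair is usable as-is: PEM cert + unencrypted PEM key.
# Usage: preflight_pair <certificate file> <key file>
preflight_pair() {
    local cert_kind key_kind
    cert_kind=$(classify_tls_file "$1")
    key_kind=$(classify_tls_file "$2")
    echo "cert=$cert_kind key=$key_kind"
    [ "$cert_kind" = "pem-cert" ] && [ "$key_kind" = "pem-key" ]
}
```

A certificate reported as `not-pem` is often DER-encoded and can be converted with `openssl x509 -inform DER -in <file> -out <file>.pem`; a key reported as `pem-key-encrypted` has to be decrypted (for example with `openssl pkey -in <file> -out <plain file>`) unless the server is configured with the passphrase.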