I have just configured a new Graystack and have chosen to enable tls. Here are my TLS settings, server side:
#### Enable HTTPS support for the HTTP interface
# This secures the communication with the HTTP interface with TLS to prevent request forgery and
# Default: false
http_enable_tls = true
# The X.509 certificate chain file in PEM format to use for securing the HTTP interface.
http_tls_cert_file = /etc/certs/grayserver-0.pem
# The PKCS#8 private key file in PEM format to use for securing the HTTP interface.
http_tls_key_file = /etc/certs/grayserver-0.key
# The password to unlock the private key used for securing the HTTP interface.
#http_tls_key_password = secret
There are no errors within the logs to suggest TLS is configured improperly (Graylog is communicating with mongodb [same server]); it communicates with 3 Opensearch Nodes via TLS without error.
However, when I attempt to ingest via TLS, I get this error:
Unfortunately, with our setup with Fortinet/FortiGate ranging for 60D to 100F series Firewalls, this is internal. We haven’t had the use for certificates between the two. This is internal so they can’t reach the internet. This makes it easier to secure since no one can reach them. As for testing this we have a while back BUT we used OpenSSL to create them.
I still haven’t figured out the Fortigate but have everything else figured (except TLS client authentication; not sure if the juice is worth the squeeze).
AD does indeed make things difficult for my little predominantly linux molded brain but I found a process that works for me.
I just export the root/intermediate cert and key to a linux vm and then use a script I frankensteined together from various sources (OpenSearch, Wazuh, etc.) to create my certs using OpenSSL and the AD cert to sign the csr’s. AD isn’t the wiser and its a billion times easier (IMHO).