Hello,
after SSL setup on our Graylog server, I can login into Graylog and the browser is satisfied with the certificate. Right after login into Graylog via SSL, the following errors start to apear in /var/log/graylog/server.log:
PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
After logout, the error messages stop filling the logfile.
Also: I can define an input (Syslog UDP) in the menu System > Inputs, but I can’t start it.
There are no errors and the input starts fine if TLS is disabled in server.conf
OS Information: AlmaLinux release 8.7 (Stone Smilodon)
Package Version: 5.0.6
Service logs, configurations, and environment variables:
2023-05-19T13:41:11.394+02:00 WARN [ProxiedResource] Unable to call https://syslog2.izum.pri:9000/api/system/metrics/multiple on node : PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
You’re in luck. @drewmiranda-gl just published a blog that gives excellent step by step guidance on how to enable TLS with Graylog. I encourage you to review it and come back with any questions you may have.
I suggest to integrate it in the installation manual, esecially the parts where the removal of text from the certificate and the import of public certs into Java Keystore are described.
Thanks @milos. It’s a good problem to have, but we are victims of our own success at the moment. Our docs team is working furiously to capture all the content that is being created throughout the company. These papers, videos, and such are meant to fill the gaps while they get caught up.
I’m glad it helped. @drewmiranda-gl will be pleased to hear it as well.
