Problem to secure graylog

yan · July 11, 2025, 8:35am

Hello

Can you help me to soluce my problem ?

I have two server in this configuration :
server A => graylog 6.3.1 / mongodb 6.0.24
server B => opensearch 2.15.0

They work good. but they are unsecured.

I want to secure them step by step.

I begun to pass my graylog in https with a no self-signed certificate.

I can connect to graylog on https://mygraylog.mydomain.fr:9000 but when I go in the menu “Search”, I have this error

"Error!

Executing search failed: SyntaxError: Unexpected token 'N', "None of th"... is not valid JSON"

On server A, curl -k http://IpserverB:9200, I have a good JSON response :

{
  "name" : "node-1",
  "cluster_name" : "graylog",
  "cluster_uuid" : "ngiCNCv0T96nQfxTlGCRuA",
  "version" : {
    "distribution" : "opensearch",
    "number" : "2.15.0",
    "build_type" : "deb",
    "build_hash" : "61dbcd0795c9bfe9b81e5762175414bc38bbcadf",
    "build_date" : "2024-06-20T03:27:12.329408119Z",
    "build_snapshot" : false,
    "lucene_version" : "9.10.0",
    "minimum_wire_compatibility_version" : "7.10.0",
    "minimum_index_compatibility_version" : "7.0.0"
  },
  "tagline" : "The OpenSearch Project: https://opensearch.org/"
}

On my server A (graylog+mongodb), I have this warning in /var/log/graylog-server/server.log :
2025-07-11T08:29:48.820Z WARN [ProxiedResource] Failed to call API on node <fac11443-3d9d-4c65-80ed-69d3e345edb7>, cause: None of the TrustManagers trust this certificate chain. (duration: 6 ms)

Thank you.

Yann

yan · July 11, 2025, 9:52am

Ok ! I have soluce my problem.

Its was my certificate file.

For Graylog, the certificat file muse have the certificat but the intermediate certificate too !

I’ve done these commands

sudo openssl pkcs12 -in /home/gray01/orgincertificate.pfx -nocerts -out /etc/graylog/ssl/graylog-key.pem -nodes
sudo openssl pkcs12 -in /home/gray01/orgincertificate.pfx -clcerts -nokeys -out /etc/graylog/ssl/graylog-cert.pem

sudo openssl x509 -in /etc/graylog/ssl/graylog-cert.pem -text -noout | grep "CA Issuers"
  
sudo wget http://OrganizationValidationSecureServerCA.crt -O /etc/graylog/ssl/intermediate.pem
  
sudo file /etc/graylog/ssl/intermediate.pem
sudo openssl x509 -in /etc/graylog/ssl/intermediate.pem -inform DER -out /etc/graylog/ssl/intermediate.pem -outform PEM
sudo file /etc/graylog/ssl/intermediate.pem
==> must be /etc/graylog/ssl/intermediate.pem: PEM certificate
  
  
sudo bash -c 'cat /etc/graylog/ssl/graylog-cert.pem /etc/graylog/ssl/intermediate.pem > /etc/graylog/ssl/graylog-fullchain.pem'
 
sudo chmod 640 /etc/graylog/ssl*pem
sudo chown root:graylog /etc/graylog/ssl/*pem

I have complete these lines in my /etc/graylog/server/server.conf

http_enable_tls=true
http_tls_cert_file=/etc/graylog/ssl/graylog-fullchain.pem
http_tls_key_file=/etc/graylog/ssl/graylog-key.pem

Thanks.

Topic		Replies	Views
Unable to get https on graylog to work Graylog Central (peer support)	4	3469	June 21, 2017
Gray Log with Existing OpenSearch New to Graylog Community? READ-ME FIRST Guides	4	1888	August 12, 2023
Input not running but still receiving logs, with error: Failed to call API on node/None of the TrustManagers trust this certificate chain Graylog Central (peer support)	2	1975	February 26, 2024
Certificate issue Graylog Central (peer support) data-node	9	51	July 7, 2025
Graylog+Opensearch. Unable to retrieve version from Elasticsearch node: Unsupported or unrecognized SSL message. - Unsupported or unrecognized SSL message Graylog Central (peer support)	2	3324	September 25, 2023

Problem to secure graylog

Related topics