Question about permissions to keys and certs for HTTPS

Sorry to ask this question - not trying to be a bother, but I have tried to thoroughly research this both in the forums and online for a solution, but have been unable to find it. Quick background - I am completely new to Linux (using Ubuntu). I’ve been able to follow the documentation to successfully set up a single instance of Graylog in a non-clustered environment. The issue I’m having is with configuring HTTPS.

I have followed the documentation to the T, and have also gone through tutorials and notes provided by other people, but am continuing to have an issue with “Unreadable or missing HTTP private key”. I saw in a couple of older posts that it was recommended to look into the permissions that the user running the service has to the key and cert files. I have tried to work around this by creating and storing the keys and certs in different directories, including inside and outside of the Graylog directory, but to no avail.

I have only built one user in Ubuntu, which I use to sign in and configure things. Let’s call it “UbuntuUser”. Per suggestion from previous posts, I run "namei -l ". In the results, it lists “root” for all directories, with similar permissions, until the final line for the .pem file. It’s only showing the following:
-rw------- root root key.pem

Does anyone know which “user” runs the Graylog service? I’m also trying to find the best way to give that user the permissions it needs to access the files in that directory. In the suggestions I’ve found from the past, the person helping never gave the full commands that should be used to perform these changes. Does anyone have any advice for a newbie?

Thanks so much!

Graylog normally runs as the user graylog, so your certificate should be readable by the graylog user. The simplest way is to change the owner to graylog:

sudo chown graylog /etc/graylog/server/certificate.pem

You can find the user it runs as with one of these commands:

ps -ef |grep graylog
systemctl cat graylog-server.service


Thank you shoothub! I was able to find information about the chmod command and its parameters shortly before your response, but I appreciate your help all the same.

For any future users (and other new Linux newbies such as myself), to add on to shoothub’s suggestion, I used the following commands to modify permissions on my key and cert pem files:

To add “group” read permissions: chmod g+r
To add “other” read permissions: chmod o+r

I’m not certain that both “group” and “other” permissions are needed, but it worked for me in conjunction with other Graylog resources I found online.
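
Added example, not part of the original thread: a shell function that classifies a key file by owner, group and mode, so the `-rw------- root root key.pem` case from the question and the owner, group and "other" changes discussed above can be compared. It assumes GNU `stat` (as on Ubuntu); the function name `audit_key` and its verdict labels are this example's own.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU stat, as shipped on Ubuntu.
# audit_key FILE SERVICE_USER prints one verdict (labels are this example's own):
#   missing         file does not exist
#   world-readable  the "other" read bit is set: every local account can read the key
#   ok              the service user can read it and "other" cannot
#   unreadable      the service user has no read access (the error in the question)
audit_key() {
    file=$1
    svc=$2
    if [ ! -f "$file" ]; then
        echo "missing"
        return 0
    fi

    mode=$(stat -c '%A' "$file")    # symbolic mode, e.g. -rw-------
    owner=$(stat -c '%U' "$file")
    group=$(stat -c '%G' "$file")

    # Character 8 of the mode string is the "other" read bit.
    case $mode in
        ???????r*) echo "world-readable"; return 0 ;;
    esac

    # Owner read bit (character 2) is set and the service user owns the file.
    case $mode in
        ?r*) if [ "$owner" = "$svc" ]; then echo "ok"; return 0; fi ;;
    esac

    # Group read bit (character 5) is set and the service user is in that group.
    case $mode in
        ????r*)
            if id -Gn "$svc" 2>/dev/null | tr ' ' '\n' | grep -qxF -- "$group"; then
                echo "ok"; return 0
            fi ;;
    esac

    echo "unreadable"
}

# Example call with the path and user named in the thread:
#   audit_key /etc/graylog/server/certificate.pem graylog
```

The function only inspects the file itself; to confirm effective access including the parent directories that `namei -l` lists, run `sudo -u graylog test -r <path>` and check the exit status.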
