Yes sir, while debugging java & tls I copied the keystore over to /etc/graylog/server/cacerts.jks , added my company CA’s and shadowCA to it, and tweaked my JAVA_OPTS like so::
GRAYLOG_SERVER_JAVA_OPTS="-Xms1g -Xmx1g -XX:NewRatio=1 -server -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC -XX:-OmitStackTraceInFastThrow -Djavax.net.ssl.trustStore=/etc/graylog/server/cacerts.jks -Djavax.net.debug=all"
NO LUCK…
Synology at this time just will not Syslog over SSL/TLS… =(