Setting up HTTPS connection error - Unreadable or missing HTTP private key

Hello @spandey

Adding on to what @ttsandrew suggested.

Something I found in your logs doesn’t seem correct.

If you were following that documentation, you should have two certificates called graylog-key.pem & graylog-certificate.pem.

Then perhaps something like this in Graylog’s configuration file, as shown below.
NOTE: I put those certificates in the Graylog directory because Graylog owns that directory (easy).

Example of what I should see in your Graylog configuration file. I did a mockup from what you posted.

http_bind_address = 10.41.144.233:9000
http_publish_uri = https://graylog.chy.snc.jup.enghns.net:9000/
http_enable_cors = true
http_enable_tls = true
http_tls_cert_file = /etc/graylog-server/graylog-certificate.pem
http_tls_key_file = /etc/graylog-server/graylog/graylog-key.pem
http_tls_key_password = secret OR changeit

If you're using the Java default keystore called “cacerts”, as @ttsandrew stated, the password for that keystore is changeit. If you are using it, then make sure your configuration matches that password.

Example: You may run into something like this, use the newest version.

[root@graylog graylog_user]# locate cacerts
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.191.b12-1.el7_6.x86_64/jre/lib/security/cacerts
/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.322.b06-1.el7_9.x86_64/jre/lib/security/cacerts
[root@graylog graylog_user]#

I’m not 100% sure, but I think this issue is a combination of configuration and the wrong certificate being used.
If you make your own KEYSTORE, then I would use javax.net.ssl.trustStore with -Djavax.net.ssl.trustStorePassword

Here are some other posts that may have similar issues.

This post below I had to fine tune it for my needs but it did enlighten me on what I needed to do.

Hope that helps
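
A pre-flight check for the settings discussed in this thread, as an added example that is not part of the original post or of Graylog itself: it reads http_tls_cert_file, http_tls_key_file and http_tls_key_password from a Graylog configuration file, confirms both files are readable by the current user, and classifies the key by its PEM header. It assumes Graylog's documented requirement of a PEM key in PKCS#8 format; the function names are made up for this example.

```shell
#!/bin/sh
# Added example. Run as the account Graylog runs under so -r tests its access.

# conf_get FILE KEY: value of an uncommented "KEY = value" line (last wins)
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# pem_kind FILE: classify a PEM file by its first BEGIN line
pem_kind() {
    case "$(grep -m 1 -e '-----BEGIN ' "$1" 2>/dev/null)" in
        *"BEGIN ENCRYPTED PRIVATE KEY"*) echo pkcs8-encrypted ;;
        *"BEGIN PRIVATE KEY"*) echo pkcs8 ;;
        *"BEGIN RSA PRIVATE KEY"* | *"BEGIN EC PRIVATE KEY"*) echo legacy ;;
        *"BEGIN CERTIFICATE"*) echo certificate ;;
        *) echo unknown ;;
    esac
}

# check_graylog_tls CONF: print findings; exit status = number of problems
check_graylog_tls() {
    problems=0
    cert=$(conf_get "$1" http_tls_cert_file)
    key=$(conf_get "$1" http_tls_key_file)
    pass=$(conf_get "$1" http_tls_key_password)
    for f in "$cert" "$key"; do
        [ -n "$f" ] && [ -r "$f" ] && continue
        echo "PROBLEM: '$f' is unset, missing or unreadable for $(id -un)"
        problems=$((problems + 1))
    done
    [ "$problems" -eq 0 ] || return "$problems"
    [ "$(pem_kind "$cert")" = certificate ] || {
        echo "PROBLEM: $cert is not a PEM certificate"; problems=$((problems + 1)); }
    case "$(pem_kind "$key")" in
        pkcs8) ;;
        pkcs8-encrypted) [ -n "$pass" ] || {
            echo "PROBLEM: encrypted key but http_tls_key_password is empty"
            problems=$((problems + 1)); } ;;
        legacy) echo "PROBLEM: $key is PKCS#1/SEC1; convert it to PKCS#8"
            problems=$((problems + 1)) ;;
        *) echo "PROBLEM: $key is not a PEM private key"
            problems=$((problems + 1)) ;;
    esac
    return "$problems"
}

# When run as a script, check the configuration file given as first argument.
[ -z "${1:-}" ] || check_graylog_tls "$1"
```

The readability test only reflects the user running the script, so a pass as root says nothing about whether the Graylog service account can open the key.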