Setting up HTTPS connection error - Unreadable or missing HTTP private key

Also, my certs folder looks like this.

I don't have these two files because I am using an unencrypted PKCS#8 private key.
Also, in the documentation it is said that
‘PKCS #12 key stores (PFX files) are commonly used on Microsoft Windows’.
And as the system I am using is Linux, I didn't follow the below step:
‘CONVERTING A PKCS #12 (PFX) FILE TO PRIVATE KEY AND CERTIFICATE PAIR’

Just an update on this.
I have updated DNS and other stuff and now I am getting the below error on Chrome: ‘ERR_SSL_KEY_USAGE_INCOMPATIBLE’.


I think if I open the site in older versions of browsers, the site would work.

Are there some issues with certificate generation which you guys might have faced?

Hello,

This might be your problem: that documentation will work with Windows.
Example:
Windows Server 2019 Datacenter edition with Nxlog using GELF TCP/TLS/SSL
Sending logs to Graylog version 4.2.8 /w GELF TCP Input.
Please take notice of the red boxes; those certificates are the third versions of those keys in the documentation.

Nxlog log shipper on Windows Server 2019

```
define ROOT C:\Program Files (x86)\nxlog
define CERTDIR %ROOT%\cert
define LOGFILE C:\Program Files (x86)\nxlog\data\nxlog.log

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\nxlog.pid
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

<Extension _fileop>
    Module xm_fileop
    # Check the log file size every hour and rotate if larger than 5 MB
    <Schedule>
        Every 1 hour
        <Exec>
            if (file_exists('%LOGFILE%') and file_size('%LOGFILE%') >= 5M)
                file_cycle('%LOGFILE%', 8);
        </Exec>
    </Schedule>
    # Rotate log file every week on Sunday at midnight
    <Schedule>
        When    @weekly
        Exec    if file_exists('%LOGFILE%') file_cycle('%LOGFILE%', 8);
    </Schedule>
</Extension>

<Extension gelf>
    Module      xm_gelf
</Extension>

<Input zone-01>
    Module      im_msvistalog
    Query <QueryList>\
    <Query Id="0">\
    <Select Path="Application">*</Select>\
    <Select Path="System">*</Select>\
    <Select Path="Security">*</Select>\
    </Query>\
    </QueryList>
</Input>

<Output out>
    Module      om_ssl
    Host        graylog.domain.com
    Port        51412
    OutputType  GELF_TCP
    CertFile    %CERTDIR%/graylog3-certificate.pem
    CertKeyFile %CERTDIR%/graylog3-key.pem
    CAFile      %CERTDIR%/cert3.pem
    KeyPass     secret
    AllowUntrusted  true
    Exec $Hostname = hostname_fqdn();
    Exec $FullMessage = $raw_event;
    #Exec        to_syslog_snare();
</Output>

<Route >
    Path        zone-01 => out
</Route>
```

I agree the documentation may be a little difficult, but I also made the same mistake.
It's your certificates that are the problem, and I assure you as soon as they are corrected and inserted in the keystore it will work.

Those links I posted above will help.

@gsmith @ttsandrew I have found the solution and now successfully completed the HTTPS setup.

The browser is showing ‘Not secure’ because it's a self-signed certificate and new versions of browsers will show it like this.

I have made the below change in the ‘openssl-graylog.cnf’ file. Without this change, browsers were throwing SSL key errors as shown in earlier messages.

I would suggest making a change in the official Graylog documentation and updating it with the above change.

Thanks a lot @gsmith and @ttsandrew for your instant responses and helping me out.

Hopefully if anyone else faces similar issues, this post will be helpful.
Thanks!
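
The post above does not show the changed lines of `openssl-graylog.cnf`. As an added example (not the poster's or Graylog's own code), this script assumes the usual cause of Chrome's ERR_SSL_KEY_USAGE_INCOMPATIBLE, a keyUsage extension that lacks digitalSignature, and checks a certificate for it; the host name, file names and test certificates are constructed.

```sh
#!/bin/sh
# Added example (not from the thread). Certificates and names are constructed test data.

# Create a throwaway self-signed cert. $1=dir, $2=name, $3=keyUsage value ("" omits it).
make_test_cert() {
    cat > "$1/$2.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = graylog.example.test
[v3]
basicConstraints = CA:FALSE
subjectAltName = DNS:graylog.example.test
${3:+keyUsage = $3}
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/$2.cnf" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# Print the Key Usage values of a PEM certificate (nothing if the extension is absent).
key_usage() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -A1 'X509v3 Key Usage' | tail -n +2 | sed 's/^ *//'
}

# Classify a certificate for ECDHE / TLS 1.3 handshakes:
#   unreadable - not a parseable PEM certificate
#   absent     - no keyUsage extension, so usage is unrestricted
#   ok         - keyUsage includes Digital Signature
#   missing    - keyUsage is present but lacks Digital Signature
ku_status() {
    openssl x509 -in "$1" -noout 2>/dev/null || { echo unreadable; return 0; }
    ku=$(key_usage "$1")
    if [ -z "$ku" ]; then echo absent
    elif printf '%s\n' "$ku" | grep -q 'Digital Signature'; then echo ok
    else echo missing
    fi
}

# Demo: the same subject with three different keyUsage settings.
demo() {
    d=$(mktemp -d)
    make_test_cert "$d" enc  "keyEncipherment, dataEncipherment"
    make_test_cert "$d" sig  "digitalSignature, keyEncipherment"
    make_test_cert "$d" none ""
    for n in enc sig none; do echo "$n: $(ku_status "$d/$n.pem")"; done
    rm -rf "$d"
}
demo
```

Pointing `ku_status` at the certificate the server actually presents shows whether keyUsage is the extension to look at before reissuing it.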


@spandey

Glad you solved it. Yeah, certs are frustrating for sure. If you could mark this as resolved for future searches, that would be great :+1:

I am not sure how to mark resolved.

EDIT: That's just an example, but it's the three dots you're looking for.
