Setting up HTTPS connection error - Unreadable or missing HTTP private key

Also, my certs folder looks like this.


I dont have these two file because I am using unencrypted pkcs#8 private key.
Also, in the documentation it is said that
‘PKCS #12 key stores (PFX files) are commonly used on Microsoft Windows’.
And as the system I am using in linux so I didnt follow the below step.

Just and update on this.
I have updated dns and other stuff and now I am getting below error on chrome ‘ERR_SSL_KEY_USAGE_INCOMPATIBLE’.


I think if I open the site in older versions of browsers ., the site would work.

Is there some issues with certificate generation which you guys might have faced?


This might be your problem, That documentation will work with Windows.
Windows Server 2019 Datacenter addition with Nxlog using GELF TCP/TLS/SSL
Sending Logs to Graylog version 4.2.8 /w GELF TCP Input.
Please take notice of the red boxes, those certificates are the third versions of those keys in the documentation

Nxlog log shipper on Windows Server 2019

define ROOT C:\Program Files (x86)\nxlog
define CERTDIR %ROOT%\cert
define LOGFILE C:\Program Files (x86)\nxlog\data\nxlog.log

Moduledir %ROOT%\modules
CacheDir %ROOT%\data
Pidfile %ROOT%\data\
SpoolDir %ROOT%\data
LogFile %ROOT%\data\nxlog.log

<Extension _fileop>
    Module xm_fileop
    # Check the log file size every hour and rotate if larger than 5 MB
        Every 1 hour
            if (file_exists('%LOGFILE%') and file_size('%LOGFILE%') >= 5M)
                file_cycle('%LOGFILE%', 8);
    # Rotate log file every week on Sunday at midnight
        When    @weekly
        Exec    if file_exists('%LOGFILE%') file_cycle('%LOGFILE%', 8);

<Extension gelf>
    Module      xm_gelf
<Input zone-01>
    Module      im_msvistalog
    Query <QueryList>\
    <Query Id="0">\
    <Select Path="Application">*</Select>\
    <Select Path="System">*</Select>\
    <Select Path="Security">*</Select>\

<Output out>
    Module      om_ssl 
    Port        51412
    OutputType  GELF_TCP 
    CertFile    %CERTDIR%/graylog3-certificate.pem
    CertKeyFile %CERTDIR%/graylog3-key.pem
    CAFile      %CERTDIR%/cert3.pem
    KeyPass     secret 
    AllowUntrusted  true   
    Exec $Hostname = hostname_fqdn();
    Exec $FullMessage = $raw_event;
    #Exec        to_syslog_snare();

<Route >
    Path        zone-01 => out

I agree the documentation maybe a little difficult but I also made the same mistake.
Its you certificates that are the problem and I assure you as soon as they are corrected and inserted in the keystore it will work.

Those links I posted above will help.

@gsmith @ttsandrew I have found the solution and now successfully completed the HTTPS setup.

The browser is showing ‘Not secure’ because its a self-signed certificate and new versions of browsers will show it like this.

I have made below change in ‘openssl-graylog.cnf’ file. Without this change browsers were throwing SSL key errors as shown in earlier messages.

I would suggest making change in Graylog official documentation and update this with above change.

Thanks a lot @gsmith and @ttsandrew for your instant responses and helping me out.

Hopefully if anyone else face similar issues , this post will be helpful.

1 Like


Glad you solved it, yeah certs are frustrating for sure, If you could mark this as resolved for future searches that would be great :+1:

I am not sure how to mark resolved.

EDIT Thats just an example but its the three dots your looking for

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.