Hello to all
I know this question was already posted, but even though I looked at several posts (some are old with broken links), I did not find a walkthrough to make Graylog work in https without having issues while following it.
Please, could you tell me which steps I have to do? I have version 4.3.
I thank you very much
Sara
Hello @Sara1977
- Generate certificate request via openssl
For this point, generate a cert with your own CA or create a self-signed cert.
- The certificate chain
The chain must be stored as a PEM. In this case, the certificate was pkcs#7 and had to be converted. The current format can be determined as follows:
Right-click on the certificate → Properties → General
It can be viewed under File type
- Conversion of the certificate
Is necessary because currently Graylog can only read the certificate as PEM
pkcs#7 in PEM
openssl pkcs7 -print_certs -in <certificatename>.p7b -out <certificatename.pem>
X.509 in PEM
openssl x509 -in <certificatename.cer> -outform PEM -out <certificatename.pem>
- Make certificate and private key readable for Graylog
sudo chown graylog:graylog <private.key>
sudo chown graylog:graylog <certificatename.pem>
sudo chmod 400 <private.key>
sudo chmod 400 <certificatename.pem>
- Configuring the Graylog server
sudo nano /etc/graylog/server/server.conf
I flipped the port to 8080 because 9000 is used by something else in my environment.
As the private key is not encrypted, no password is required and the point can remain commented out.
The certificate chain must also be stored in graylog’s jvm truststore for internal communication to work
sudo find / -name cacerts
sudo keytool -import -keystore /usr/share/graylog-server/jvm/lib/security/cacerts -file /etc/ssl/certs/gray.pem
- Sources for further reading
Using HTTPS — Graylog 3.2.0 documentation
How to convert a certificate into the appropriate format
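A read-only shell check of the certificate and key files prepared in the steps above, added here as an example and not part of the original post. The function names are illustrative, and it assumes GNU grep, stat and od on a Linux host.

```bash
#!/usr/bin/env bash
# Added example: read-only pre-flight check of the certificate and key files.
# Assumes GNU grep/stat/od (Linux); function names are illustrative.

# Report the container format of a certificate file from its header or first byte.
cert_format() {
  local f=$1
  if grep -q -- '-----BEGIN CERTIFICATE-----' "$f"; then
    echo pem-x509      # already PEM, no conversion needed
  elif grep -q -- '-----BEGIN PKCS7-----' "$f"; then
    echo pem-pkcs7     # needs: openssl pkcs7 -print_certs -in ... -out ...
  elif [ "$(head -c 1 "$f" | od -An -tx1 | tr -d ' \n')" = 30 ]; then
    echo der           # binary ASN.1 (starts with SEQUENCE, 0x30); convert to PEM
  else
    echo unknown
  fi
}

# Number of certificates in a PEM file (1 = leaf only, more = leaf plus chain).
chain_count() { grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true; }

# Report whether a PEM private key is password-protected.
key_state() {
  local f=$1
  if grep -q -e 'BEGIN ENCRYPTED PRIVATE KEY' -e 'Proc-Type: 4,ENCRYPTED' "$f"; then
    echo encrypted     # a key password would have to be configured
  elif grep -q -E -- '-----BEGIN ((RSA|EC) )?PRIVATE KEY-----' "$f"; then
    echo unencrypted   # the case described in the post
  else
    echo unknown
  fi
}

# True when the mode is exactly 400, as set by the chmod step.
mode_ok() { [ "$(stat -c %a "$1")" = 400 ]; }

# Usage: preflight <cert.pem> <private.key>; returns non-zero on any finding.
preflight() {
  local cert=$1 key=$2 rc=0 f
  [ "$(cert_format "$cert")" = pem-x509 ] || { echo "$cert: not PEM X.509, convert it first"; rc=1; }
  [ "$(key_state "$key")" = unencrypted ] || { echo "$key: encrypted or not a PEM key"; rc=1; }
  for f in "$cert" "$key"; do
    mode_ok "$f" || { echo "$f: mode is not 400"; rc=1; }
  done
  return $rc
}

# Run directly as: ./preflight.sh <certificatename.pem> <private.key>
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```

Run it with sudo or as the graylog user, because files with mode 400 are unreadable to other accounts.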
Thanks a lot Marvin1!
I will try soon and let you know.
Have a nice day, Sara
Hello again Martin. Elasticsearch gave me an error. I also changed the network host in elasticsearch.yml to network.host: https://localhost but in the logs I see this error: java.net.UnknownHostException: https://localhost: Name or service not known
What am I doing wrong?
Many thanks, Sara
You don't have to change anything in Elasticsearch. In elastic you only change at the beginning of the installation the cluster.name. And maybe later the path.logs (Path to where the logs are stored).
All https configuration is only in the server.conf of graylog.
If you get an elasticsearch error after setting all up you can try to give elastic the cert too.
sudo keytool -import -keystore /usr/share/elasticsearch/jdk/lib/security/cacerts -file /etc/ssl/certs/gray.pem
Hello Marvin, now I don’t have any Elasticsearch error but I still have connection refused on https web page. I will look now at all the logs, I am missing something! Thank you very much, Sara
Finally I was able to work in https but browser tells me it’s not secure because of self signed certificate. Now I have to fix this error. I thank you very much Marvin! Have a nice day, Sara
Lol, I was not aware that my machine (it’s a test one) had the wrong timezone.
Set the right one, now it works like a charm.
If my post solved the issue you can mark it as solution. Then others can also benefit from it in the future.
Greetings