SSL setting up problem


#1

I have three node setup, lets say its:

server1.graylog.mydomain.com
server2.graylog.mydomain.com
server3.graylog.mydomain.com

in front of them i have a network load balancer graylog.mydomain.com

I have two signed certificates for

*.graylog.mydomain.com

and

graylog.mydomain.com

my setup:
rest_listen_uri = https://server1.graylog.mydomain.com:12900/api/
rest_transport_uri = https://server1.graylog.mydomain.com:12900/api/

rest_listen_uri = https://server2.graylog.mydomain.com:12900/api/
rest_transport_uri = https://server2.graylog.mydomain.com:12900/api/

rest_listen_uri = https://server3.graylog.mydomain.com:12900/api/
rest_transport_uri = https://server3.graylog.mydomain.com:12900/api/

with *.graylog.mydomain.com certificate

AND

web_listen_uri = https://graylog.mydomain.com:9000/
web_endpoint_uri = https://graylog.mydomain.com:12900/api/

with graylog.mydomain.com certificate

When I access the web ui with https://graylog.mydomain.com (443->9000)

it works fine except:

graylog.mydomain.com:12900 uses an invalid security certificate.
The certificate is not valid for the name graylog.mydomain.com.
Error code: SSL_ERROR_BAD_CERT_DOMAIN

I add exception and everything is perfectly fine. I understand that my cert *.graylog.mydomain.com is not suitable for the request. server3.graylog.mydomain.com and so on is not registered in my DNS, do i have to register this to get it working? (what web_endpoint_uri would i need to setup?) Is this possible to configure this only withing graylog configuration?

I would like to have valid ssl between nodes and in web ui.


(Jochen) #2

You can include graylog.example.com and *.graylog.example.com in a single X.509 certificate using different Subject Alternative Names.


(system) #3

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.