TLS Input Error

dickinsonzach · March 22, 2021, 2:12pm

Good morning all, I hope all is well.

I was able to successfully add SSL to the web interface with the following config:

http_tls_cert_file = /etc/graylog/cert.pem
http_tls_key_file = /etc/graylog/pkcs8-encrypted.pem
http_tls_key_password = secret

Now I am trying to use those certs for an Input with TLS:

I supply my source with the above cert.pem and get the following in the log:
File does not contain valid private key: /etc/graylog/pkcs8-encrypted.pem

If connect to the web interface from CLI with:
openssl s_client -showcerts -connect host:9000
I see all my cert information

But on the Input with TLS
openssl s_client -showcerts -connect host:5142
I don’t see any cert information

I thought once I got the web interface squared away, adding TLS to an Input would be easy

Thank you, Zach.

gsmith · March 22, 2021, 10:41pm

When you made certs for HTTPS do you still have your key cert.
I read somewhere someone restart the graylog service and the INPUT started to work.

I used these two from the docs for my INPUTS TCP/TLS

dickinsonzach · March 23, 2021, 12:02pm

Interesting, I’ll check and see and give it a go if I do. Thank you, Zach.

system · April 6, 2021, 12:02pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
TLS Connection not working Graylog Central (peer support)	7	1182	April 23, 2020
Syslog TLS Input CERTIFICATE_UNKNOWN Graylog Central (peer support)	2	736	March 4, 2021
SSL/TLS for Input Problem Graylog Central (peer support)	4	2683	May 13, 2020
Having issues enabling HTTPS on 3.2 Graylog Central (peer support)	5	799	March 17, 2020
OPENSSL_internal:BAD_PACKET_LENGTH Graylog Central (peer support)	8	209	March 1, 2024

TLS Input Error

Related Topics