Hi Community, I am trying to connect Wazuh indexer version 4.8 to Graylog over HTTPS, but I have a big error.
Context:
In my Graylog server conf I have this configuration:
# instances as leader. The leader will perform some periodical tasks that non-leaders won't perform.
is_leader = true
# The auto-generated node ID will be stored in this file and read after restarts. It is a good idea
# to use an absolute file path here if you are starting Graylog server from init scripts or similar.
node_id_file = /etc/graylog/server/node-id
password_secret = Jj0AJStd6XDCVkm0tSarcFcCcYo2R7Iv7574fdRa87z3FM1lmrpLtdOFIhTipKOnahUwMR6tc-voxv4NGZeMkW18ZViaxEXA
root_password_sha2 = 7804a56a5c7636cc05814736f44139e32920810d3bd51aa099a5df932e754ce9
# Set the data directory here (relative or absolute)
# This directory is used to store Graylog server state.
data_dir = /var/lib/graylog-server
# Set plugin directory here (relative or absolute)
plugin_dir = /usr/share/graylog-server/plugin
###############
# HTTP settings
http_bind_address = 0.0.0.0:9000
And the Elasticsearch configuration:
#Default: http://127.0.0.1:9200
#elasticsearch_hosts = http://node1:9200,http://user:password@node2:9200
#elasticsearch_hosts = https:admin:admin@192.168.1.236:9200
elasticsearch_hosts = https://192.168.1.236:9200
elasticsearch_ssl_verification_mode = certificate
elasticsearch_ssl_certificate_authorities = /home/ubuntu/my-root-ca.pem
elasticsearch_user = admin
elasticsearch_password = admin
In the Wazuh indexer I have the certificates:
plugins.security.ssl.http.pemcert_filepath: /etc/wazuh-indexer/certificate-indexer/wazuh-indexer.crt
plugins.security.ssl.http.pemkey_filepath: /etc/wazuh-indexer/certificate-indexer/wazuh-indexer.key
plugins.security.ssl.http.pemtrustedcas_filepath: /etc/wazuh-indexer/certificate-indexer/CA/my-root-ca.pem
plugins.security.ssl.transport.pemcert_filepath: /etc/wazuh-indexer/certificate-indexer/wazuh-indexer.crt
plugins.security.ssl.transport.pemkey_filepath: /etc/wazuh-indexer/certificate-indexer/wazuh-indexer.key
plugins.security.ssl.transport.pemtrustedcas_filepath: /etc/wazuh-indexer/certificate-indexer/CA/my-root-ca.pem
plugins.security.ssl.http.enabled: true
The user and password have the administrator role, MongoDB is connected correctly, the credentials are correct, and the root CA certificate is correctly imported to
# Fix for log4j CVE-2021-44228
GRAYLOG_SERVER_JAVA_OPTS="$GRAYLOG_SERVER_JAVA_OPTS -Dlog4j2.formatMsgNoLookups=true"
GRAYLOG_SERVER_JAVA_OPTS="$GRAYLOG_SERVER_JAVA_OPTS -Dlog4j2.formatMsgNoLookups=true -Djavax.net.ssl.trustStore=/etc/graylog/server/certs/cacerts -Djavax.net.ssl.trustStorePassword=changeit"
But I get this error log:
024-09-08T07:06:08.568-04:00 INFO [VersionProbe] OpenSearch/Elasticsearch is not available. Retry #1
2024-09-08T07:06:13.580-04:00 ERROR [VersionProbe] Unable to retrieve version from OpenSearch/Elasticsearch node 192.168.1.236:9200: unknown error - an exception occurred while deserializing error response: com.fasterxml.jackson.core.JsonParseException: Unrecognized token ‘Unauthorized’: was expecting (JSON String, Number, Array, Object or token ‘null’, ‘true’ or ‘false’)
Any idea about this error? I think it is the format of the credentials, but I need help.
Note: when I put plugins.security.disabled: false in the opensearch.yml, Graylog is ready to connect and all is ready.
But I need to connect with SSL; I can't work without SSL.
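
Added example, not part of the original post: the `JsonParseException` in the log is what a JSON parser raises on the plain-text body `Unauthorized`, which is consistent with an HTTP 401 reply after the TLS handshake has already succeeded. The Python below separates TLS failures from authentication failures; the function names `classify` and `probe` are hypothetical, the sample replies are constructed, and the host, CA path and credentials are the ones quoted in the post.

```python
import base64
import json
import ssl
import urllib.error
import urllib.request

def classify(status, body):
    """Map an indexer HTTP reply to the layer that failed."""
    try:
        doc = json.loads(body)
    except ValueError:
        doc = None  # plain-text body: the kind of reply a JSON parser chokes on
    if status == 200 and isinstance(doc, dict) and "version" in doc:
        return "ok"
    if status == 401:
        return "auth-rejected"  # TLS handshake succeeded, login did not
    if status == 403:
        return "forbidden"      # logged in, but the role lacks permission
    return "non-json" if doc is None else "unexpected"

def probe(url, ca_file, user=None, password=None, timeout=5):
    """GET the indexer root over verified TLS, optionally with Basic auth."""
    ctx = ssl.create_default_context(cafile=ca_file)  # checks chain and hostname/IP SAN
    req = urllib.request.Request(url)
    if user is not None:
        token = base64.b64encode(f"{user}:{password}".encode()).decode()
        req.add_header("Authorization", "Basic " + token)
    try:
        with urllib.request.urlopen(req, context=ctx, timeout=timeout) as resp:
            return classify(resp.status, resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:  # 4xx/5xx replies still carry a body
        return classify(err.code, err.read().decode("utf-8", "replace"))
    except urllib.error.URLError as err:
        if isinstance(err.reason, ssl.SSLError):
            return "tls-failed"  # untrusted CA, or certificate lacks this host/IP
        return "unreachable"

# Constructed sample replies (not captured from the poster's system).
SAMPLES = [
    (200, '{"name": "node-1", "version": {"number": "0.0.0"}}'),
    (401, "Unauthorized"),
    (403, '{"error": {"type": "security_exception"}, "status": 403}'),
]

if __name__ == "__main__":
    for status, body in SAMPLES:
        print(status, classify(status, body))
    # Live checks, with and without credentials, using the values from the post.
    print(probe("https://192.168.1.236:9200", "/home/ubuntu/my-root-ca.pem", "admin", "admin"))
    print(probe("https://192.168.1.236:9200", "/home/ubuntu/my-root-ca.pem"))
```

If the probe with credentials returns `ok` while Graylog still logs the error, the credentials are not reaching the indexer from Graylog's side; if it returns `tls-failed`, the problem is the CA file or the certificate's subject names rather than the login.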