Hi Jochen, thanks. It solved ! the error is not intutive.
Can you also tell me which format the TLS client auth certs should be ? PEM or PKCS? On Thursday, 28 January 2016 03:20:43 UTC-6, Jochen Schalanda wrote: > > Hi Mohana, > > make sure that the system user who is running the Graylog server node(s) > has sufficient permissions to access the configured private key and > certificate files. The user must be able to descend into the > directory /opt/graylog/conf/nginx/ca/ and finally read the private key and > certificate files. > > > Cheers, > Jochen > > On Wednesday, 27 January 2016 22:53:32 UTC+1, Mohana Rao wrote: >> >> Hi, >> >> When I use the graylog docker image and configuring the GelfTCP with >> below values. And also entering the certificate path from the UI >> >> >> recv_buffer_size: 1048576 >> port: 12201 >> tls_key_file: /opt/graylog/conf/nginx/ca/graylog.key >> tls_key_password: ******* >> tls_enable: true >> use_null_delimiter: true >> tls_client_auth_cert_file: >> max_message_size: 2097152 >> tls_client_auth: optional >> override_source: >> bind_address: 0.0.0.0 >> tls_cert_file: /opt/graylog/conf/nginx/ca/graylog.crt >> >> >> >> Both the cert and key file are exist but it is still creating self signed >> certificate as below >> >> >> >> registry_1 | 2016-01-27_21:29:09.31474 WARN [AbstractTcpTransport] TLS >> key file or certificate file does not exist, creating a self-signed >> certificate for input [GELF TCP/56a936a5e4b034e265a2f16d]. >> registry_1 | 2016-01-27_21:29:09.31903 INFO [InputStateListener] Input >> [GELF TCP/56a936a5e4b034e265a2f16d] is now STARTING >> registry_1 | 2016-01-27_21:29:09.40140 INFO [AbstractTcpTransport] >> Enabled TLS for input [GELF TCP/56a936a5e4b034e265a2f16d]. >> key-file="/tmp/keyutil_0.0.0.0:null_1142539487444557174.key" >> cert-file="/tmp/keyutil_0.0.0.0:null_5372303287589154166.crt" >> registry_1 | 2016-01-27_21:29:09.41374 INFO [InputStateListener] Input >> [GELF TCP/56a936a5e4b034e265a2f16d] is now RUNNING >> > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/06fa4717-23fd-4e3e-9e2a-28b28bdf82b6%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
