*i followed this in the documentation* Creating a self-signed private key/certificate
Create PKCS#5 and X.509 certificate: $ openssl version OpenSSL 0.9.8zh 14 Jan 2016 $ openssl req -x509 -days 365 -nodes -newkey rsa:2048 -keyout pkcs5-plain.pem -out cert.pem Generating a 2048 bit RSA private key ............................+++ .+++ writing new private key to 'pkcs5-plain.pem' ----- [...] If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:DE State or Province Name (full name) [Some-State]:Hamburg Locality Name (eg, city) []:Hamburg Organization Name (eg, company) [Internet Widgits Pty Ltd]:Graylog, Inc. Organizational Unit Name (eg, section) []: Common Name (e.g. server FQDN or YOUR name) []:graylog.example.com Email Address []:hostmas...@graylog.example.com Convert PKCS#5 private key into a *plaintext* PKCS#8 private key: $ openssl pkcs8 -in pkcs5-plain.pem -topk8 -nocrypt -out pkcs8-plain.pem *then i added my certs in like explained here.* # Enable HTTPS support for the REST API. This secures the communication with the REST API# using TLS to prevent request forgery and eavesdropping.rest_enable_tls = true # The X.509 certificate chain file in PEM format to use for securing the REST API.rest_tls_cert_file = /path/to/graylog-certificate.pem # The PKCS#8 private key file in PEM format to use for securing the REST API.rest_tls_key_file = /path/to/graylog-key.pem # The password to unlock the private key used for securing the REST API.rest_tls_key_password = secret # Enable HTTPS support for the web interface. This secures the communication the web interface# using TLS to prevent request forgery and eavesdropping.web_enable_tls = true # The X.509 certificate chain file in PEM format to use for securing the web interface.web_tls_cert_file = /path/to/graylog-certificate.pem # The PKCS#8 private key file in PEM format to use for securing the web interface.web_tls_key_file = /path/to/graylog-key.pem # The password to unlock the private key used for securing the web interface.web_tls_key_password = secret When I restart the service everything seems to start ok but when I connect to the web interface I receive and error connecting to <1.1.1.1:12900> the rest api is accessible because if I turn web_tls and rest_tls back off i can reach everything. -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/6e646984-f8aa-4ff3-ac63-346e5430a454%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
