I have just started the process of deploying Graylog 2.0.3 and cannot say anything about the process for setting up SSL within Graylog. If there really is an issue with using the built-in capabilities, you can always try Apache as a proxy for Graylog. See https://www.lisenet.com/2015/install-graylog2-server-on-centos-6/ and then look for the section "configure Apache with https".
Once I actually get to the point where I am setting up my own cert, I will be able to comment more on this.

On Wednesday, July 6, 2016 at 2:42:47 PM UTC-5, dave...@gmail.com wrote:
>
> All,
>
> I have been working on setting up a test instance of Graylog 2.0 for several weeks now and I can't seem to make any progress with implementing SSL. I have seen a few other posts asking about converting java wallets to the new set up of cert and key pair but that doesn't apply I have a new cert from a CA. I am pretty sure I have the cert in the correct encoding "X.509 certificate with PEM encoding" that the documentation <http://docs.graylog.org/en/2.0/pages/configuration/https.html> asks for. I can use the command "openssl x509 -in cert.pem -text -noout" to see the contents of the cert without issue. I can get Graylog 2.0 running with no SSL and with self generated certs but when I use the certs from the CA I keep getting the errors below in /var/log/graylog-server/server.log when I try to start Graylog 2.0, I can send more of the log if needed. This is installed on Oracle Linux Server release 6.7 with Graylog 2.0, Elasticsearch, and MongoDB installed from their respective yum repos. Any advice would be greatly appreciated, I'm just spinning my wheels at this point.
>
>
> 2016-07-06T14:02:42.862-05:00 ERROR [ServiceManager] Service WebInterfaceService [FAILED] has failed in the STARTING state.
> java.io.IOException: ObjectIdentifier() -- data isn't an object ID (tag = 48)
>     at sun.security.util.ObjectIdentifier.<init>(ObjectIdentifier.java:253) ~[?:1.8.0_73]
>     at sun.security.util.DerInputStream.getOID(DerInputStream.java:281) ~[?:1.8.0_73]
>     at com.sun.crypto.provider.PBES2Parameters.engineInit(PBES2Parameters.java:267) ~[sunjce_provider.jar:1.8.0_71]
>     at java.security.AlgorithmParameters.init(AlgorithmParameters.java:293) ~[?:1.8.0_73]
>     at sun.security.x509.AlgorithmId.decodeParams(AlgorithmId.java:132) ~[?:1.8.0_73]
>     at sun.security.x509.AlgorithmId.<init>(AlgorithmId.java:114) ~[?:1.8.0_73]
>     at sun.security.x509.AlgorithmId.parse(AlgorithmId.java:372) ~[?:1.8.0_73]
>     at javax.crypto.EncryptedPrivateKeyInfo.<init>(EncryptedPrivateKeyInfo.java:95) ~[?:1.8.0_71]
>     at org.graylog2.shared.security.tls.PemKeyStore.generateKeySpec(PemKeyStore.java:69) ~[graylog.jar:?]
>     at org.graylog2.shared.security.tls.PemKeyStore.buildKeyStore(PemKeyStore.java:96) ~[graylog.jar:?]
>     at org.graylog2.shared.initializers.AbstractJerseyService.buildSslEngineConfigurator(AbstractJerseyService.java:187) ~[graylog.jar:?]
>     at org.graylog2.shared.initializers.AbstractJerseyService.setUp(AbstractJerseyService.java:158) ~[graylog.jar:?]
>     at org.graylog2.initializers.WebInterfaceService.startUp(WebInterfaceService.java:46) ~[graylog.jar:?]
>     at com.google.common.util.concurrent.AbstractIdleService$DelegateService$1.run(AbstractIdleService.java:60) [graylog.jar:?]
>     at com.google.common.util.concurrent.Callables$3.run(Callables.java:100) [graylog.jar:?]
>     at java.lang.Thread.run(Thread.java:745) [?:1.8.0_73]
> 2016-07-06T14:02:42.896-05:00 ERROR [InputSetupService] Not starting any inputs because lifecycle is: Uninitialized [LB:DEAD]
>
> 2016-07-06T14:02:42.941-05:00 ERROR [ServiceManager] Service IndexerSetupService [FAILED] has failed in the STOPPING state.
> java.lang.IllegalStateException: Can't move to started state when closed
>     at org.elasticsearch.common.component.Lifecycle.moveToStarted(Lifecycle.java:130) ~[graylog.jar:?]
>     at org.elasticsearch.common.component.AbstractLifecycleComponent.start(AbstractLifecycleComponent.java:69) ~[graylog.jar:?]
>     at org.elasticsearch.transport.TransportService.doStart(TransportService.java:182) ~[graylog.jar:?]
>     at org.elasticsearch.common.component.AbstractLifecycleComponent.start(AbstractLifecycleComponent.java:68) ~[graylog.jar:?]
>     at org.elasticsearch.node.Node.start(Node.java:278) ~[graylog.jar:?]
>     at org.graylog2.initializers.IndexerSetupService.startUp(IndexerSetupService.java:114) ~[graylog.jar:?]
>     at com.google.common.util.concurrent.AbstractIdleService$DelegateService$1.run(AbstractIdleService.java:60) [graylog.jar:?]
>     at com.google.common.util.concurrent.Callables$3.run(Callables.java:100) [graylog.jar:?]
>     at java.lang.Thread.run(Thread.java:745) [?:1.8.0_73]
>
>
> 2016-07-06T14:02:43.202-05:00 ERROR [ServiceManager] Service RestApiService [FAILED] has failed in the STOPPING state.
> java.io.IOException: ObjectIdentifier() -- data isn't an object ID (tag = 48)
>     at sun.security.util.ObjectIdentifier.<init>(ObjectIdentifier.java:253) ~[?:1.8.0_73]
>     at sun.security.util.DerInputStream.getOID(DerInputStream.java:281) ~[?:1.8.0_73]
>     at com.sun.crypto.provider.PBES2Parameters.engineInit(PBES2Parameters.java:267) ~[sunjce_provider.jar:1.8.0_71]
>     at java.security.AlgorithmParameters.init(AlgorithmParameters.java:293) ~[?:1.8.0_73]
>     at sun.security.x509.AlgorithmId.decodeParams(AlgorithmId.java:132) ~[?:1.8.0_73]
>     at sun.security.x509.AlgorithmId.<init>(AlgorithmId.java:114) ~[?:1.8.0_73]
>     at sun.security.x509.AlgorithmId.parse(AlgorithmId.java:372) ~[?:1.8.0_73]
>     at javax.crypto.EncryptedPrivateKeyInfo.<init>(EncryptedPrivateKeyInfo.java:95) ~[?:1.8.0_71]
>     at org.graylog2.shared.security.tls.PemKeyStore.generateKeySpec(PemKeyStore.java:69) ~[graylog.jar:?]
>     at org.graylog2.shared.security.tls.PemKeyStore.buildKeyStore(PemKeyStore.java:96) ~[graylog.jar:?]
>     at org.graylog2.shared.initializers.AbstractJerseyService.buildSslEngineConfigurator(AbstractJerseyService.java:187) ~[graylog.jar:?]
>     at org.graylog2.shared.initializers.AbstractJerseyService.setUp(AbstractJerseyService.java:158) ~[graylog.jar:?]
>     at org.graylog2.shared.initializers.RestApiService.startUp(RestApiService.java:65) ~[graylog.jar:?]
>     at com.google.common.util.concurrent.AbstractIdleService$DelegateService$1.run(AbstractIdleService.java:60) [graylog.jar:?]
>     at com.google.common.util.concurrent.Callables$3.run(Callables.java:100) [graylog.jar:?]
>     at java.lang.Thread.run(Thread.java:745) [?:1.8.0_73]
> 2016-07-06T14:02:43.206-05:00 ERROR [ServerBootstrap] Graylog startup failed. Exiting. Exception was:
> java.lang.IllegalStateException: Expected to be healthy after starting.
> The following services are not running: {STARTING=[RestApiService [STARTING], IndexerSetupService [STARTING]], FAILED=[WebInterfaceService [FAILED]]}
>     at com.google.common.util.concurrent.ServiceManager$ServiceManagerState.checkHealthy(ServiceManager.java:713) ~[graylog.jar:?]
>     at com.google.common.util.concurrent.ServiceManager$ServiceManagerState.awaitHealthy(ServiceManager.java:542) ~[graylog.jar:?]
>     at com.google.common.util.concurrent.ServiceManager.awaitHealthy(ServiceManager.java:299) ~[graylog.jar:?]
>     at org.graylog2.bootstrap.ServerBootstrap.startCommand(ServerBootstrap.java:129) [graylog.jar:?]
>     at org.graylog2.bootstrap.CmdLineTool.run(CmdLineTool.java:209) [graylog.jar:?]
>     at org.graylog2.bootstrap.Main.main(Main.java:44) [graylog.jar:?]
>
>
> --Dave C.
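
The quoted stack trace fails in `EncryptedPrivateKeyInfo` and `PBES2Parameters`, reached from `PemKeyStore.generateKeySpec`, so the file being parsed at that point is the private key rather than the certificate that `openssl x509` displays. The following is an added example, not part of the thread and not Graylog code: it reports a PEM key file's container format and, for an encrypted PKCS#8 key, the encryption scheme OID. The names `classify_key` and `constructed_sample` are hypothetical, and the sample blob is constructed, not a real key.

```python
import base64, re

PBES2_OID = "1.2.840.113549.1.5.13"  # PKCS#5 v2 scheme identifier

def _tlv(buf, pos):
    """Read one DER TLV header at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def _oid(body):
    """Decode DER OBJECT IDENTIFIER content bytes into dotted notation."""
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def classify_key(pem_text):
    """Describe the first PEM block in pem_text without decrypting anything."""
    m = re.search(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", pem_text, re.S)
    if not m:
        return "no PEM block (DER or wrong file?)"
    label, body = m.groups()
    if label == "PRIVATE KEY":
        return "PKCS#8, unencrypted"
    if label == "ENCRYPTED PRIVATE KEY":
        der = base64.b64decode("".join(body.split()))
        _, pos, _ = _tlv(der, 0)      # EncryptedPrivateKeyInfo SEQUENCE
        _, pos, _ = _tlv(der, pos)    # encryptionAlgorithm SEQUENCE
        tag, start, end = _tlv(der, pos)
        if tag != 0x06:               # first element must be the scheme OID
            return "PKCS#8, encrypted (malformed algorithm identifier)"
        oid = _oid(der[start:end])
        scheme = "PBES2" if oid == PBES2_OID else "non-PBES2 scheme"
        return "PKCS#8, encrypted, %s (OID %s)" % (scheme, oid)
    if label.endswith(" PRIVATE KEY"):
        state = "encrypted" if "Proc-Type: 4,ENCRYPTED" in body else "unencrypted"
        return "traditional %s key, %s (not PKCS#8)" % (label.split()[0], state)
    return "not a private key: " + label

def constructed_sample():
    """Constructed EncryptedPrivateKeyInfo shell (PBES2 OID, dummy payload); not a real key."""
    der = lambda tag, content: bytes([tag, len(content)]) + content
    alg = der(0x30, der(0x06, bytes.fromhex("2a864886f70d01050d")) + der(0x30, b""))
    blob = base64.b64encode(der(0x30, alg + der(0x04, bytes(16)))).decode()
    return "-----BEGIN ENCRYPTED PRIVATE KEY-----\n%s\n-----END ENCRYPTED PRIVATE KEY-----\n" % blob
```
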