Hi Giwenn,

What are the attributes of your self-signed certificate, especially the 
CommonName (CN) and optionally the AltSubjName?

In your first message, it looks like it was CN=10.22.5.24:9000, which is 
wrong (it has to be the host name of the Graylog node, i.e. CN=10.22.5.24 
or CN=graylog.example.com).

Cheers,
Jochen

On Thursday, 2 February 2017 16:48:43 UTC+1, Giwenn Launay wrote:
>
> Hi Jochen,
>
>
> Here are the commands that I used to put my Graylog server in HTTPS:
>
> 1- openssl req -x509 -days 7300 -nodes -newkey rsa:2048 -keyout graylogkey.pem -out graycert.pem
>
> 2- openssl pkcs8 -in graylogkey.pem -topk8 -nocrypt -out graykey.pem
>
> 3- Configuration of server.conf:
>
> rest_enable_tls = true
> rest_tls_cert_file = /path/to/graycert.pem
> rest_tls_key_file = /path/to/graylog-key.pem
> web_enable_tls = true
> web_tls_cert_file = /path/to/graycert.pem
> web_tls_key_file = /path/to/graykey.pem
>
> I have not set a password for the keys yet.
>
> 4 - keytool -importcert -keystore /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-0.b13.el7_3.x86_64-debug/jre/lib/security/cacerts -storepass changeit -alias graylog-self-signed -file graycert.pem
>
> 5 - Verify that the certificate has been added:
>
> keytool -keystore /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-0.b13.el7_3.x86_64-debug/jre/lib/security/cacerts -storepass changeit -list | grep graylog-self-signed -A1
>
> answer: 
> graylog-self-signed, 2 févr. 2017, trustedCertEntry,
> Empreinte du certificat (SHA1) : 78:1B:E5:57:92:7C:65:43:69:E2:4E:20:34:E3:BB:7D:F7:33:D8:08
>
> 6- Addition of the instruction in the JVM trust:
>
> GRAYLOG_SERVER_JAVA_OPTS="-Djavax.net.ssl.trustStore=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-0.b13.el7_3.x86_64-debug/jre/lib/security/cacerts"
>
> 7- Restart the server
>
>
> The error message appears when connecting to the web page. The inputs and 
> outputs do not work; they are in "not running" mode.
> Is my configuration good? 
>
> Thanks =)
>
>
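
An added example, not part of either message: a sketch that issues a certificate whose names match the address clients connect to, and checks any certificate against that address before it is imported into a trust store. The subjectAltName is included because OpenSSL's -checkip compares only iPAddress SAN entries; the function names, output file names and 30-day lifetime are constructed, and -addext needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example; function names, file names and the 30-day lifetime are
# constructed. Requires OpenSSL 1.1.1+ for -addext.

# make_cert <prefix> <CN> [subjectAltName]
# Writes <prefix>-cert.pem and an unencrypted PKCS#8 key <prefix>-key.pem,
# mirroring steps 1 and 2 of the quoted message.
make_cert() {
    prefix=$1; cn=$2; san=${3:-}
    set -- req -x509 -days 30 -nodes -newkey rsa:2048 \
        -keyout "$prefix-raw.pem" -out "$prefix-cert.pem" -subj "/CN=$cn"
    if [ -n "$san" ]; then
        set -- "$@" -addext "subjectAltName=$san"
    fi
    openssl "$@" 2>/dev/null &&
        openssl pkcs8 -in "$prefix-raw.pem" -topk8 -nocrypt \
            -out "$prefix-key.pem"
}

# check_name <cert.pem> <host>  -> prints "match" or "mismatch"
# <host> is what the client puts in the URL, without scheme or port.
check_name() {
    cert=$1; name=$2
    case $name in
        ''|*[!0-9.]*) flag=-checkhost ;;  # DNS name: SAN dNSName, else CN
        *)            flag=-checkip ;;    # IPv4 literal: SAN iPAddress only
    esac
    if openssl x509 -in "$cert" -noout "$flag" "$name" 2>&1 |
            grep -q 'does match'; then
        echo match
    else
        echo mismatch
    fi
}
```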
