Can someone provide the instructions necessary to run the collector with client authentication? I successfully configured the client and the server without the client verification "required" on. As soon as I turn it on, the errors on the server are: *javax.net.ssl.SSLHandshakeException: null cert chain* and on the client: *io.netty.handler.codec.DecoderException: javax.net.ssl.SSLException: Received fatal alert: bad_certificate*
I tried everything I know, but with no luck. I understood, from the server sources, that those fields are used to create a KeyStore. How can I enable DEBUG level on server? It seems that the methods used to create the keystore can provide additional information. About the FullChain Certificate file on the client, which is quite obscure too, PEM format is ok? I just copied keys and certificates with this order: key, client certificate, ca certificate Any help will be very appreciated. Thanks!! On Tuesday, June 9, 2015 at 4:48:22 PM UTC+2, Bernd Ahlers wrote: > > David, > > I just tried to set this up on my machine and have been using the > following command to convert my key to PKCS8. > > openssl pkcs8 -topk8 -inform pem -in file.key -outform pem -nocrypt > -out file.key.pem > > That worked fine for me. Maybe your conversion command was different? > > Hope that helps! > > Regards, > Bernd > > David Vokáč [Tue, Jun 09, 2015 at 02:41:39AM -0700] wrote: > >Hello Bernd, > > > >I would like to have a specification of formats needed for this to > actually > >work. I am getting this Error on server side: > > > >ERROR: org.graylog2.inputs.transports.TcpTransport - Error creating SSL > >context. Make sure the certificate and key are in the correct format. > >cert=X.509 key=PKCS#8 > > > >My key is PKCS8 (had to convert it since it is not written anywhere, but > >thats not an issue, really). My CER is a X509 certificate. > >Are there any guidelines what does the cer/key pair have to have for this > >to actually work? > > > >Thank you, > > > >David > > > >-- > >You received this message because you are subscribed to the Google Groups > "graylog2" group. > >To unsubscribe from this group and stop receiving emails from it, send an > email to graylog2+u...@googlegroups.com <javascript:>. > >For more options, visit https://groups.google.com/d/optout. > > > -- > Developer > > Tel.: +49 (0)40 609 452 077 > Fax.: +49 (0)40 609 452 078 > > TORCH GmbH - A Graylog company > Steckelhörn 11 > 20457 Hamburg > Germany > > Commercial Reg. (Registergericht): Amtsgericht Hamburg, HRB 125175 > Geschäftsführer: Lennart Koopmann (CEO) > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/7596c5bb-38c8-4cb2-b365-42b5f17a6091%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
