Hi Mohana, make sure that the system user who is running the Graylog server node(s) has sufficient permissions to access the configured private key and certificate files. The user must be able to descend into the directory /opt/graylog/conf/nginx/ca/ and finally read the private key and certificate files.
Cheers, Jochen On Wednesday, 27 January 2016 22:53:32 UTC+1, Mohana Rao wrote: > > Hi, > > When I use the graylog docker image and configuring the GelfTCP with below > values. And also entering the certificate path from the UI > > > recv_buffer_size: 1048576 > port: 12201 > tls_key_file: /opt/graylog/conf/nginx/ca/graylog.key > tls_key_password: ******* > tls_enable: true > use_null_delimiter: true > tls_client_auth_cert_file: > max_message_size: 2097152 > tls_client_auth: optional > override_source: > bind_address: 0.0.0.0 > tls_cert_file: /opt/graylog/conf/nginx/ca/graylog.crt > > > > Both the cert and key file are exist but it is still creating self signed > certificate as below > > > > registry_1 | 2016-01-27_21:29:09.31474 WARN [AbstractTcpTransport] TLS key > file or certificate file does not exist, creating a self-signed certificate > for input [GELF TCP/56a936a5e4b034e265a2f16d]. > registry_1 | 2016-01-27_21:29:09.31903 INFO [InputStateListener] Input > [GELF TCP/56a936a5e4b034e265a2f16d] is now STARTING > registry_1 | 2016-01-27_21:29:09.40140 INFO [AbstractTcpTransport] Enabled > TLS for input [GELF TCP/56a936a5e4b034e265a2f16d]. > key-file="/tmp/keyutil_0.0.0.0:null_1142539487444557174.key" > cert-file="/tmp/keyutil_0.0.0.0:null_5372303287589154166.crt" > registry_1 | 2016-01-27_21:29:09.41374 INFO [InputStateListener] Input > [GELF TCP/56a936a5e4b034e265a2f16d] is now RUNNING > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/24c4ffa7-fb89-499f-af94-9aab3debfa4c%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
