Hi Jochen, thanks. It solved ! the error is not intutive.
Can you also tell me which format the TLS client auth certs should be ? PEM or PKCS? On Thursday, 28 January 2016 03:20:43 UTC-6, Jochen Schalanda wrote: > > Hi Mohana, > > make sure that the system user who is running the Graylog server node(s) > has sufficient permissions to access the configured private key and > certificate files. The user must be able to descend into the > directory /opt/graylog/conf/nginx/ca/ and finally read the private key and > certificate files. > > > Cheers, > Jochen > > On Wednesday, 27 January 2016 22:53:32 UTC+1, Mohana Rao wrote: >> >> Hi, >> >> When I use the graylog docker image and configuring the GelfTCP with >> below values. And also entering the certificate path from the UI >> >> >> recv_buffer_size: 1048576 >> port: 12201 >> tls_key_file: /opt/graylog/conf/nginx/ca/graylog.key >> tls_key_password: ******* >> tls_enable: true >> use_null_delimiter: true >> tls_client_auth_cert_file: >> max_message_size: 2097152 >> tls_client_auth: optional >> override_source: >> bind_address: 0.0.0.0 >> tls_cert_file: /opt/graylog/conf/nginx/ca/graylog.crt >> >> >> >> Both the cert and key file are exist but it is still creating self signed >> certificate as below >> >> >> >> registry_1 | 2016-01-27_21:29:09.31474 WARN [AbstractTcpTransport] TLS >> key file or certificate file does not exist, creating a self-signed >> certificate for input [GELF TCP/56a936a5e4b034e265a2f16d]. >> registry_1 | 2016-01-27_21:29:09.31903 INFO [InputStateListener] Input >> [GELF TCP/56a936a5e4b034e265a2f16d] is now STARTING >> registry_1 | 2016-01-27_21:29:09.40140 INFO [AbstractTcpTransport] >> Enabled TLS for input [GELF TCP/56a936a5e4b034e265a2f16d]. >> key-file="/tmp/keyutil_0.0.0.0:null_1142539487444557174.key" >> cert-file="/tmp/keyutil_0.0.0.0:null_5372303287589154166.crt" >> registry_1 | 2016-01-27_21:29:09.41374 INFO [InputStateListener] Input >> [GELF TCP/56a936a5e4b034e265a2f16d] is now RUNNING >> > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/06fa4717-23fd-4e3e-9e2a-28b28bdf82b6%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
