Hi everyone,
I'm trying to set up a syslog TCP input with TLS support and client TLS
authentication.
I have successfully set up TLS on the Graylog side only, and clients
(syslog-ng) can connect and submit logging information as expected.
However, when I try to enable client-side TLS auth, I get this exception in
/var/log/graylog/server/common:
2016-04-01_11:48:58.67611 java.security.cert.CertificateParsingException: signed fields invalid
2016-04-01_11:48:58.67748 at sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1793)
2016-04-01_11:48:58.67897 at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:195)
2016-04-01_11:48:58.68269 at sun.security.provider.X509Factory.parseX509orPKCS7Cert(X509Factory.java:469)
2016-04-01_11:48:58.68351 at sun.security.provider.X509Factory.engineGenerateCertificates(X509Factory.java:354)
2016-04-01_11:48:58.68446 at java.security.cert.CertificateFactory.generateCertificates(CertificateFactory.java:462)
2016-04-01_11:48:58.68619 at org.graylog2.plugin.inputs.transports.util.KeyUtil.loadCertificates(KeyUtil.java:96)
2016-04-01_11:48:58.68865 at org.graylog2.plugin.inputs.transports.util.KeyUtil.loadCertificates(KeyUtil.java:106)
2016-04-01_11:48:58.69013 at org.graylog2.plugin.inputs.transports.util.KeyUtil.initTrustStore(KeyUtil.java:79)
2016-04-01_11:48:58.69341 at org.graylog2.plugin.inputs.transports.AbstractTcpTransport$1.createSslEngine(AbstractTcpTransport.java:188)
2016-04-01_11:48:58.69440 at org.graylog2.plugin.inputs.transports.AbstractTcpTransport$1.call(AbstractTcpTransport.java:175)
2016-04-01_11:48:58.69649 at org.graylog2.plugin.inputs.transports.AbstractTcpTransport$1.call(AbstractTcpTransport.java:171)
2016-04-01_11:48:58.70275 at org.graylog2.plugin.inputs.transports.NettyTransport$1.getPipeline(NettyTransport.java:116)
2016-04-01_11:48:58.70279 at org.jboss.netty.channel.socket.nio.NioServerBoss.registerAcceptedChannel(NioServerBoss.java:134)
2016-04-01_11:48:58.70280 at org.jboss.netty.channel.socket.nio.NioServerBoss.process(NioServerBoss.java:104)
2016-04-01_11:48:58.70280 at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:337)
2016-04-01_11:48:58.70317 at org.jboss.netty.channel.socket.nio.NioServerBoss.run(NioServerBoss.java:42)
2016-04-01_11:48:58.70494 at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108)
2016-04-01_11:48:58.70794 at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42)
2016-04-01_11:48:58.70853 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
2016-04-01_11:48:58.70926 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
2016-04-01_11:48:58.70986 at java.lang.Thread.run(Thread.java:745)
My syslog-ng configuration:
destination graylog {
    syslog("graylog" port(1999)
        transport("tls")
        tls(
            ca-dir("/home/dylan/temp/syslog/")
            cert_file("/home/dylan/temp/syslog/myclient.crt")
            # the client private key is given with key_file(); the posted config
            # passed it to a second ca_dir(), which is not where syslog-ng reads it
            key_file("/home/dylan/temp/syslog/myclient.key")
        )
    );
};
myclient.crt is an X.509-formatted cert, signed with my internal PKI (i.e.
not by a CA).
myclient.key is PKCS#8.
I have also copied the public cert of the CA used to sign it into a directory
on the Graylog server, and pointed to the folder (in one attempt, and the
actual file in another) in the parameters of the input (TLS Client Auth
Trusted Certs (optional)).
Can anyone tell me where I'm going wrong?
Thanks in advance
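A pre-flight check for the directory that Graylog's "TLS Client Auth Trusted Certs" setting points at, added here as an example and not taken from the post or from Graylog's own code: it walks every file in the directory, unwraps PEM or accepts raw DER, and verifies that each blob has the outer X.509 Certificate shape (a SEQUENCE of tbsCertificate, signatureAlgorithm and signatureValue) that Java's X509CertImpl.parse() requires before it raises "signed fields invalid". It also flags a file that carries no CERTIFICATE block at all, such as a private key copied into the trust directory by mistake. The directory path is an assumption; no real certificates are embedded.

```python
import base64
import os
import re

# Matches each PEM certificate block in a bundle (DOTALL so the body may span lines).
PEM_CERT = re.compile(rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def der_tlv(buf, pos):
    """Decode one DER tag and length at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits give the byte count of the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def certificate_shape_error(der):
    """Return None if der has the top-level Certificate shape, else a short reason."""
    try:
        tag, pos, end = der_tlv(der, 0)
        if tag != 0x30 or end != len(der):
            return "outer element is not a SEQUENCE covering the whole blob"
        tags = []
        while pos < end:                   # collect the tags of the top-level children
            tag, _, pos = der_tlv(der, pos)
            tags.append(tag)
        if tags != [0x30, 0x30, 0x03]:     # tbsCertificate, signatureAlgorithm, signatureValue
            return "top-level fields are %s, not SEQUENCE/SEQUENCE/BIT STRING" % tags
    except IndexError:
        return "truncated DER"
    return None

def check_trust_blob(data):
    """Problems found in one file's content (PEM bundle or raw DER); [] means it parses."""
    if b"-----BEGIN" in data:
        blocks = PEM_CERT.findall(data)
        if not blocks:                     # e.g. a PRIVATE KEY file dropped into the trust dir
            return ["PEM file contains no CERTIFICATE block"]
        ders = [base64.b64decode(b) for b in blocks]   # b64decode skips the line breaks
    else:
        ders = [data]
    problems = []
    for i, der in enumerate(ders):
        err = certificate_shape_error(der)
        if err:
            problems.append("cert %d: %s" % (i, err))
    return problems

def check_trust_dir(path):
    """Map each file under the trusted-certs directory (assumed path) to its problem list."""
    report = {}
    for name in sorted(os.listdir(path)):
        with open(os.path.join(path, name), "rb") as fh:
            report[name] = check_trust_blob(fh.read())
    return report
```

Run `check_trust_dir("/path/to/trusted-certs")` on the Graylog host; any non-empty list names a file Graylog's CertificateFactory will choke on before the input can start.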