Hi all, has anyone had any success converting their TLS certificates for 
graylog web from version 1 (e.g. 1.3.x) to version 2 of graylog?

Maybe I'm just not getting it, but I'm having trouble figuring out EXACTLY 
what file format the certificate needs to be in.

Previously with v1.x web interface it used a Java keystore. HOWEVER, this is 
no longer in use and the upgrade path is not clear.

I found some documentation that talks about exporting keys from the 
keystore but the terminology is very inconsistent depending on the 
webpage/documentation.

I got as far as exporting the "private key" (no clue if this is the correct format)

keytool -importkeystore -srckeystore graylog2.keystore -destkeystore new-store.p12 -deststoretype PKCS12
openssl pkcs12 -info -in new-store.p12
openssl pkcs12 -in new-store.p12 -nocerts -out gl2web_privateKey.pem

to produce supposedly what the documentation for graylog claims it needs,

I do something similar for the public key

keytool -export -keystore graylog2.keystore -alias graylog2key -file Example.cer
openssl x509 -in Example.cer -inform der -text -noout
openssl x509 -inform der -in Example.cer -out gl2web_publickey.pem

I get this error

I end up with this error which is vague, but I think tells me my 
certificate configuration is useless.

2016-04-12 10:06:27,503 ERROR: com.google.common.util.concurrent.ServiceManager - Service WebInterfaceService [FAILED] has failed in the STARTING state.
java.io.IOException: ObjectIdentifier() -- data isn't an object ID (tag = 48)
        at sun.security.util.ObjectIdentifier.<init>(ObjectIdentifier.java:253) ~[?:1.8.0_77]
        at sun.security.util.DerInputStream.getOID(DerInputStream.java:281) ~[?:1.8.0_77]
        at com.sun.crypto.provider.PBES2Parameters.engineInit(PBES2Parameters.java:267) ~[sunjce_provider.jar:1.8.0_77]
        at java.security.AlgorithmParameters.init(AlgorithmParameters.java:293) ~[?:1.8.0_77]
        at sun.security.x509.AlgorithmId.decodeParams(AlgorithmId.java:132) ~[?:1.8.0_77]
        at sun.security.x509.AlgorithmId.<init>(AlgorithmId.java:114) ~[?:1.8.0_77]
        at sun.security.x509.AlgorithmId.parse(AlgorithmId.java:372) ~[?:1.8.0_77]
        at javax.crypto.EncryptedPrivateKeyInfo.<init>(EncryptedPrivateKeyInfo.java:95) ~[?:1.8.0_77]
        at org.graylog2.shared.security.tls.PemKeyStore.generateKeySpec(PemKeyStore.java:69) ~[graylog.jar:?]
        at org.graylog2.shared.security.tls.PemKeyStore.buildKeyStore(PemKeyStore.java:96) ~[graylog.jar:?]
        at org.graylog2.shared.initializers.AbstractJerseyService.buildSslEngineConfigurator(AbstractJerseyService.java:185) ~[graylog.jar:?]
        at org.graylog2.shared.initializers.AbstractJerseyService.setUp(AbstractJerseyService.java:156) ~[graylog.jar:?]
        at org.graylog2.initializers.WebInterfaceService.startUp(WebInterfaceService.java:46) ~[graylog.jar:?]
        at com.google.common.util.concurrent.AbstractIdleService$DelegateService$1.run(AbstractIdleService.java:60) [graylog.jar:?]
        at com.google.common.util.concurrent.Callables$3.run(Callables.java:100) [graylog.jar:?]
        at java.lang.Thread.run(Thread.java:745) [?:1.8.0_77]
