Hi Aldo,

please refer to the manuals of OpenSSL (or any other program you're using 
to create or convert private keys and your certificates):

   - https://www.openssl.org/docs/manmaster/apps/pkcs8.html
   - https://www.openssl.org/docs/manmaster/apps/x509.html
   - https://www.madboa.com/geek/openssl/
   
Cheers,
Jochen

On Monday, 9 May 2016 14:59:39 UTC+2, Aldo Pellini wrote:
>
> Ok Thanks.
>
> And the right procedure is?
>
> On Monday, May 9, 2016 at 2:44:20 PM UTC+2, Jochen Schalanda wrote:
>>
>> Hi Aldo,
>>
>> it looks like you've been storing a private key in 
>> /etc/pki/tls/certs/graylog.pem instead of an X.509 certificate.
>>
>> Additionally, you really shouldn't post your private keys on a public 
>> mailing list.
>>
>> Cheers,
>> Jochen
>>
>> On Wednesday, 4 May 2016 19:29:42 UTC+2, Aldo Pellini wrote:
>>>
>>> Hi,
>>> I have created a certificate with these commands:
>>>
>>>   942  openssl pkcs8 -topk8 -inform PEM -outform PEM - in graylog.pem -out private_gray.pem -nocrypt
>>>   944  openssl pkcs8 -topk8 -inform PEM -outform PEM -in graylog.pem -out private_gray.pem -nocrypt
>>>
>>> Then I copied these into the pki directory:
>>>
>>>   957  cp private_gray.pem /etc/pki/tls/private/private_gray.pem
>>>   958  cp graylog.pem /etc/pki/tls/certs
>>>
>>> And I enabled HTTPS in server.conf, giving the right paths to these PEM 
>>> files.
>>>
>>> Below my configuration:
>>>
>>> # REST API listen URI. Must be reachable by other graylog2-server nodes if you run a cluster.
>>> rest_listen_uri = https://151.92.28.21:12900
>>>
>>> # WEB
>>> web_listen_uri=https://151.92.28.21:443/
>>>
>>> # HTTPS
>>> web_enable_tls = true
>>> web_tls_cert_file = /etc/pki/tls/certs/graylog.pem
>>> web_tls_key_file = /etc/pki/tls/private/private_gray.pem
>>> #web_tls_key_password =
>>>
>>>
>>> # REST API transport address. Defaults to the value of rest_listen_uri. Exception: If rest_listen_uri
>>> # is set to a wildcard IP address (0.0.0.0) the first non-loopback IPv4 system address is used.
>>> # If set, this will be promoted in the cluster discovery APIs, so other nodes may try to connect on
>>> # this address and it is used to generate URLs addressing entities in the REST API. (see rest_listen_uri)
>>> # You will need to define this, if your Graylog server is running behind a HTTP proxy that is rewriting
>>> # the scheme, host name or URI.
>>> rest_transport_uri = https://151.92.28.21:12900
>>>
>>> # Enable CORS headers for REST API. This is necessary for JS-clients accessing the server directly.
>>> # If these are disabled, modern browsers will not be able to retrieve resources from the server.
>>> # This is disabled by default. Uncomment the next line to enable it.
>>> rest_enable_cors = true
>>>
>>> # Enable GZIP support for REST API. This compresses API responses and therefore helps to reduce
>>> # overall round trip times. This is disabled by default. Uncomment the next line to enable it.
>>> #rest_enable_gzip = true
>>>
>>> # Enable HTTPS support for the REST API. This secures the communication with the REST API with
>>> # TLS to prevent request forgery and eavesdropping. This is disabled by default. Uncomment the
>>> # next line to enable it.
>>> rest_enable_tls = true
>>>
>>> # The X.509 certificate file to use for securing the REST API.
>>> rest_tls_cert_file = /etc/pki/tls/certs/graylog.pem
>>>
>>> # The private key to use for securing the REST API.
>>> rest_tls_key_file = /etc/pki/tls/private/private_gray.pem
>>>
>>> I have restarted the graylog-server daemon but I receive a Java error with 
>>> the following lines:
>>>
>>> 2016-05-04 19:26:07,795 ERROR: 
>>> com.google.common.util.concurrent.ServiceManager - Service 
>>> WebInterfaceService [FAILED] has failed in the STARTING state.
>>> java.security.cert.CertificateException: No certificates found in file: 
>>> /etc/pki/tls/certs/graylog.pem
>>>         at 
>>> org.graylog2.shared.security.tls.PemReader.readCertificates(PemReader.java:71)
>>>  
>>> ~[graylog.jar:?]
>>>         at 
>>> org.graylog2.shared.security.tls.PemKeyStore.buildKeyStore(PemKeyStore.java:114)
>>>  
>>> ~[graylog.jar:?]
>>>         at 
>>> org.graylog2.shared.initializers.AbstractJerseyService.buildSslEngineConfigurator(AbstractJerseyService.java:185)
>>>  
>>> ~[graylog.jar:?]
>>>         at 
>>> org.graylog2.shared.initializers.AbstractJerseyService.setUp(AbstractJerseyService.java:156)
>>>  
>>> ~[graylog.jar:?]
>>>         at 
>>> org.graylog2.initializers.WebInterfaceService.startUp(WebInterfaceService.java:46)
>>>  
>>> ~[graylog.jar:?]
>>>         at 
>>> com.google.common.util.concurrent.AbstractIdleService$DelegateService$1.run(AbstractIdleService.java:60)
>>>  
>>> [graylog.jar:?]
>>>         at 
>>> com.google.common.util.concurrent.Callables$3.run(Callables.java:100) 
>>> [graylog.jar:?]
>>>         at java.lang.Thread.run(Thread.java:745) [?:1.8.0_74]
>>> 2016-05-04 19:26:07,824 ERROR: 
>>> org.graylog2.shared.initializers.InputSetupService - Not starting any 
>>> inputs because lifecycle is: Uninitialized [LB:DEAD]
>>> 2016-05-04 19:26:07,832 INFO : 
>>> org.graylog2.shared.initializers.PeriodicalsService - Shutting down 
>>> periodical [org.graylog2.periodical.AlertScannerThread].
>>> 2016-05-04 19:26:07,832 INFO : 
>>> org.graylog2.shared.initializers.PeriodicalsService - Shutdown of 
>>> periodical [org.graylog2.periodical.AlertScannerThread] complete, took 
>>> <0ms>.
>>> 2016-05-04 19:26:07,832 INFO : 
>>> org.graylog2.shared.initializers.PeriodicalsService - Shutting down 
>>> periodical [org.graylog2.periodical.BatchedElasticSearchOutputFlushThread].
>>> 2016-05-04 19:26:07,832 INFO : 
>>> org.graylog2.shared.initializers.PeriodicalsService - Shutdown of 
>>> periodical [org.graylog2.periodical.BatchedElasticSearchOutputFlushThread] 
>>> complete, took <0ms>.
>>> 2016-05-04 19:26:07,832 INFO : 
>>> org.graylog2.shared.initializers.PeriodicalsService - Shutting down 
>>> periodical [org.graylog2.periodical.ClusterHealthCheckThread].
>>> 2016-05-04 19:26:07,832 INFO : 
>>> org.graylog2.shared.initializers.PeriodicalsService - Shutdown of 
>>> periodical [org.graylog2.periodical.ClusterHealthCheckThread] complete, 
>>> took <0ms>.
>>> 2016-05-04 19:26:07,832 INFO : 
>>> org.graylog2.shared.initializers.PeriodicalsService - Shutting down 
>>> periodical [org.graylog2.periodical.IndexerClusterCheckerThread].
>>> 2016-05-04 19:26:07,832 INFO : 
>>> org.graylog2.shared.initializers.PeriodicalsService - Shutdown of 
>>> periodical [org.graylog2.periodical.IndexerClusterCheckerThread] complete, 
>>> took <0ms>.
>>> 2016-05-04 19:26:07,833 INFO : 
>>> org.graylog2.shared.initializers.PeriodicalsService - Shutting down 
>>> periodical [org.graylog2.periodical.IndexRetentionThread].
>>> 2016-05-04 19:26:07,833 INFO : 
>>> org.graylog2.shared.initializers.PeriodicalsService - Shutdown of 
>>> periodical [org.graylog2.periodical.IndexRetentionThread] complete, took 
>>> <0ms>.
>>> 2016-05-04 19:26:07,833 INFO : 
>>> org.graylog2.shared.initializers.PeriodicalsService - Shutting down 
>>> periodical [org.graylog2.periodical.IndexRotationThread].
>>> 2016-05-04 19:26:07,833 INFO : 
>>> org.graylog2.shared.initializers.PeriodicalsService - Shutdown of 
>>> periodical [org.graylog2.periodical.IndexRotationThread] complete, took 
>>> <0ms>.
>>> 2016-05-04 19:26:07,833 INFO : 
>>> org.graylog2.shared.initializers.PeriodicalsService - Shutting down 
>>> periodical [org.graylog2.periodical.VersionCheckThread].
>>> 2016-05-04 19:26:07,833 INFO : 
>>> org.graylog2.shared.initializers.PeriodicalsService - Shutdown of 
>>> periodical [org.graylog2.periodical.VersionCheckThread] complete, took 
>>> <0ms>.
>>> 2016-05-04 19:26:07,833 INFO : 
>>> org.graylog2.shared.initializers.PeriodicalsService - Shutting down 
>>> periodical [org.graylog2.periodical.ThrottleStateUpdaterThread].
>>> 2016-05-04 19:26:07,833 INFO : 
>>> org.graylog2.shared.initializers.PeriodicalsService - Shutdown of 
>>> periodical [org.graylog2.periodical.ThrottleStateUpdaterThread] complete, 
>>> took <0ms>.
>>> 2016-05-04 19:26:07,833 INFO : 
>>> org.graylog2.shared.initializers.PeriodicalsService - Shutting down 
>>> periodical [org.graylog2.events.ClusterEventPeriodical].
>>> 2016-05-04 19:26:07,833 INFO : 
>>> org.graylog2.shared.initializers.PeriodicalsService - Shutdown of 
>>> periodical [org.graylog2.events.ClusterEventPeriodical] complete, took 
>>> <0ms>.
>>> 2016-05-04 19:26:07,833 INFO : 
>>> org.graylog2.shared.initializers.PeriodicalsService - Shutting down 
>>> periodical [org.graylog2.events.ClusterEventCleanupPeriodical].
>>> 2016-05-04 19:26:07,834 INFO : 
>>> org.graylog2.shared.initializers.PeriodicalsService - Shutdown of 
>>> periodical [org.graylog2.events.ClusterEventCleanupPeriodical] complete, 
>>> took <0ms>.
>>> 2016-05-04 19:26:07,834 INFO : 
>>> org.graylog2.shared.initializers.PeriodicalsService - Shutting down 
>>> periodical [org.graylog2.periodical.IndexRangesCleanupPeriodical].
>>> 2016-05-04 19:26:07,834 INFO : 
>>> org.graylog2.shared.initializers.PeriodicalsService - Shutdown of 
>>> periodical [org.graylog2.periodical.IndexRangesCleanupPeriodical] complete, 
>>> took <0ms>.
>>> 2016-05-04 19:26:07,834 INFO : 
>>> org.graylog2.shared.initializers.PeriodicalsService - Shutting down 
>>> periodical [org.graylog.plugins.usagestatistics.UsageStatsNodePeriodical].
>>> 2016-05-04 19:26:07,834 INFO : 
>>> org.graylog2.shared.initializers.PeriodicalsService - Shutdown of 
>>> periodical [org.graylog.plugins.usagestatistics.UsageStatsNodePeriodical] 
>>> complete, took <0ms>.
>>> 2016-05-04 19:26:07,834 INFO : 
>>> org.graylog2.shared.initializers.PeriodicalsService - Shutting down 
>>> periodical 
>>> [org.graylog.plugins.usagestatistics.UsageStatsClusterPeriodical].
>>> 2016-05-04 19:26:07,834 INFO : 
>>> org.graylog2.shared.initializers.PeriodicalsService - Shutdown of 
>>> periodical 
>>> [org.graylog.plugins.usagestatistics.UsageStatsClusterPeriodical] complete, 
>>> took <0ms>.
>>> 2016-05-04 19:26:07,839 INFO : 
>>> org.graylog2.shared.initializers.PeriodicalsService - Shutting down 
>>> periodical 
>>> [org.graylog.plugins.collector.periodical.PurgeExpiredCollectorsThread].
>>> 2016-05-04 19:26:07,839 INFO : 
>>> org.graylog2.shared.initializers.PeriodicalsService - Shutdown of 
>>> periodical 
>>> [org.graylog.plugins.collector.periodical.PurgeExpiredCollectorsThread] 
>>> complete, took <0ms>.
>>> 2016-05-04 19:26:07,840 INFO : kafka.log.LogManager - Shutting down.
>>> 2016-05-04 19:26:07,839 WARN : 
>>> org.graylog2.initializers.BufferSynchronizerService - Elasticsearch is 
>>> unavailable. Not waiting to clear buffers and caches, as we have no healthy 
>>> cluster.
>>> 2016-05-04 19:26:07,849 INFO : org.elasticsearch.node - 
>>> [graylog-c6aeb753-c841-476f-b8ed-5715ef6b8bf5] stopping ...
>>> 2016-05-04 19:26:07,851 INFO : 
>>> org.graylog2.initializers.OutputSetupService - Stopping output 
>>> org.graylog2.outputs.BlockingBatchedESOutput
>>> 2016-05-04 19:26:07,855 INFO : org.elasticsearch.node - 
>>> [graylog-c6aeb753-c841-476f-b8ed-5715ef6b8bf5] stopped
>>> 2016-05-04 19:26:07,855 INFO : org.elasticsearch.node - 
>>> [graylog-c6aeb753-c841-476f-b8ed-5715ef6b8bf5] closing ...
>>> 2016-05-04 19:26:07,868 INFO : org.elasticsearch.node - 
>>> [graylog-c6aeb753-c841-476f-b8ed-5715ef6b8bf5] closed
>>> 2016-05-04 19:26:07,879 ERROR: 
>>> com.google.common.util.concurrent.ServiceManager - Service 
>>> IndexerSetupService [FAILED] has failed in the STOPPING state.
>>> java.lang.IllegalStateException: Can't move to started state when closed
>>>         at 
>>> org.elasticsearch.common.component.Lifecycle.moveToStarted(Lifecycle.java:130)
>>>  
>>> ~[graylog.jar:?]
>>>         at 
>>> org.elasticsearch.common.component.AbstractLifecycleComponent.start(AbstractLifecycleComponent.java:69)
>>>  
>>> ~[graylog.jar:?]
>>>         at 
>>> org.elasticsearch.transport.TransportService.doStart(TransportService.java:182)
>>>  
>>> ~[graylog.jar:?]
>>>         at 
>>> org.elasticsearch.common.component.AbstractLifecycleComponent.start(AbstractLifecycleComponent.java:68)
>>>  
>>> ~[graylog.jar:?]
>>>         at org.elasticsearch.node.Node.start(Node.java:278) 
>>> ~[graylog.jar:?]
>>>         at 
>>> org.graylog2.initializers.IndexerSetupService.startUp(IndexerSetupService.java:114)
>>>  
>>> ~[graylog.jar:?]
>>>         at 
>>> com.google.common.util.concurrent.AbstractIdleService$DelegateService$1.run(AbstractIdleService.java:60)
>>>  
>>> [graylog.jar:?]
>>>         at 
>>> com.google.common.util.concurrent.Callables$3.run(Callables.java:100) 
>>> [graylog.jar:?]
>>>         at java.lang.Thread.run(Thread.java:745) [?:1.8.0_74]
>>> 2016-05-04 19:26:07,892 INFO : org.graylog2.shared.journal.JournalReader 
>>> - Stopping.
>>> 2016-05-04 19:26:07,902 INFO : kafka.log.LogManager - Shutdown complete.
>>> 2016-05-04 19:26:08,013 INFO : 
>>> org.graylog2.shared.initializers.AbstractJerseyService - Enabling CORS for 
>>> HTTP endpoint
>>> 2016-05-04 19:26:08,016 ERROR: 
>>> com.google.common.util.concurrent.ServiceManager - Service RestApiService 
>>> [FAILED] has failed in the STOPPING state.
>>> java.security.cert.CertificateException: No certificates found in file: 
>>> /etc/pki/tls/certs/graylog.pem
>>>         at 
>>> org.graylog2.shared.security.tls.PemReader.readCertificates(PemReader.java:71)
>>>  
>>> ~[graylog.jar:?]
>>>         at 
>>> org.graylog2.shared.security.tls.PemKeyStore.buildKeyStore(PemKeyStore.java:114)
>>>  
>>> ~[graylog.jar:?]
>>>         at 
>>> org.graylog2.shared.initializers.AbstractJerseyService.buildSslEngineConfigurator(AbstractJerseyService.java:185)
>>>  
>>> ~[graylog.jar:?]
>>>         at 
>>> org.graylog2.shared.initializers.AbstractJerseyService.setUp(AbstractJerseyService.java:156)
>>>  
>>> ~[graylog.jar:?]
>>>         at 
>>> org.graylog2.shared.initializers.RestApiService.startUp(RestApiService.java:65)
>>>  
>>> ~[graylog.jar:?]
>>>         at 
>>> com.google.common.util.concurrent.AbstractIdleService$DelegateService$1.run(AbstractIdleService.java:60)
>>>  
>>> [graylog.jar:?]
>>>         at 
>>> com.google.common.util.concurrent.Callables$3.run(Callables.java:100) 
>>> [graylog.jar:?]
>>>         at java.lang.Thread.run(Thread.java:745) [?:1.8.0_74]
>>> 2016-05-04 19:26:08,016 ERROR: org.graylog2.bootstrap.ServerBootstrap - 
>>> Graylog startup failed. Exiting. Exception was:
>>> java.lang.IllegalStateException: Expected to be healthy after starting. 
>>> The following services are not running: {STARTING=[RestApiService 
>>> [STARTING], IndexerSetupService [STARTING]], FAILED=[WebInterfaceService 
>>> [FAILED]]}
>>>         at 
>>> com.google.common.util.concurrent.ServiceManager$ServiceManagerState.checkHealthy(ServiceManager.java:713)
>>>  
>>> ~[graylog.jar:?]
>>>         at 
>>> com.google.common.util.concurrent.ServiceManager$ServiceManagerState.awaitHealthy(ServiceManager.java:542)
>>>  
>>> ~[graylog.jar:?]
>>>         at 
>>> com.google.common.util.concurrent.ServiceManager.awaitHealthy(ServiceManager.java:299)
>>>  
>>> ~[graylog.jar:?]
>>>         at 
>>> org.graylog2.bootstrap.ServerBootstrap.startCommand(ServerBootstrap.java:127)
>>>  
>>> [graylog.jar:?]
>>>         at org.graylog2.bootstrap.CmdLineTool.run(CmdLineTool.java:209) 
>>> [graylog.jar:?]
>>>         at org.graylog2.bootstrap.Main.main(Main.java:44) [graylog.jar:?]
>>> 2016-05-04 19:26:08,016 WARN : 
>>> org.graylog2.shared.events.DeadEventLoggingListener - Received unhandled 
>>> event of type <org.graylog2.plugin.lifecycles.Lifecycle> from event bus 
>>> <AsyncEventBus{graylog-eventbus}>
>>> 2016-05-04 19:26:08,017 INFO : 
>>> org.graylog2.shared.initializers.ServiceManagerListener - Services are now 
>>> stopped.
>>> 2016-05-04 19:26:08,024 INFO : org.graylog2.commands.Server - SIGNAL 
>>> received. Shutting down.
>>> 2016-05-04 19:26:08,029 INFO : 
>>> org.graylog2.system.shutdown.GracefulShutdown - Graceful shutdown initiated.
>>> 2016-05-04 19:26:08,029 WARN : 
>>> org.graylog2.shared.events.DeadEventLoggingListener - Received unhandled 
>>> event of type <org.graylog2.plugin.lifecycles.Lifecycle> from event bus 
>>> <AsyncEventBus{graylog-eventbus}>
>>> 2016-05-04 19:26:08,029 INFO : 
>>> org.graylog2.system.shutdown.GracefulShutdown - Node status: [Halting 
>>> [LB:DEAD]]. Waiting <3sec> for possible load balancers to recognize state 
>>> change.
>>> Exception in thread "Thread-2" java.lang.IllegalStateException: Expected 
>>> the service to be TERMINATED, but the service has FAILED
>>>         at 
>>> com.google.common.util.concurrent.AbstractService.checkCurrentState(AbstractService.java:310)
>>>         at 
>>> com.google.common.util.concurrent.AbstractService.awaitTerminated(AbstractService.java:280)
>>>         at 
>>> com.google.common.util.concurrent.AbstractIdleService.awaitTerminated(AbstractIdleService.java:173)
>>>         at 
>>> org.graylog2.system.shutdown.GracefulShutdown.doRun(GracefulShutdown.java:102)
>>>         at 
>>> org.graylog2.system.shutdown.GracefulShutdown.runWithoutExit(GracefulShutdown.java:75)
>>>         at org.graylog2.commands.Server$ShutdownHook.run(Server.java:188)
>>>         at java.lang.Thread.run(Thread.java:745)
>>> Caused by: java.security.cert.CertificateException: No certificates 
>>> found in file: /etc/pki/tls/certs/graylog.pem
>>>         at 
>>> org.graylog2.shared.security.tls.PemReader.readCertificates(PemReader.java:71)
>>>         at 
>>> org.graylog2.shared.security.tls.PemKeyStore.buildKeyStore(PemKeyStore.java:114)
>>>         at 
>>> org.graylog2.shared.initializers.AbstractJerseyService.buildSslEngineConfigurator(AbstractJerseyService.java:185)
>>>         at 
>>> org.graylog2.shared.initializers.AbstractJerseyService.setUp(AbstractJerseyService.java:156)
>>>         at 
>>> org.graylog2.shared.initializers.RestApiService.startUp(RestApiService.java:65)
>>>         at 
>>> com.google.common.util.concurrent.AbstractIdleService$DelegateService$1.run(AbstractIdleService.java:60)
>>>         at 
>>> com.google.common.util.concurrent.Callables$3.run(Callables.java:100)
>>>         ... 1 more
>>>
>>> If I read these files I have:
>>>
>>> [root@NASTIA-LOG01 ~]# more /etc/pki/tls/certs/graylog.pem 
>>> -----BEGIN RSA PRIVATE KEY-----
>>> [...]
>>> -----END RSA PRIVATE KEY-----
>>> [root@NASTIA-LOG01 ~]# 
>>>
>>>
>>> [root@NASTIA-LOG01 ~]# more /etc/pki/tls/private/private_gray.pem 
>>> -----BEGIN PRIVATE KEY-----
>>> [...]
>>> -----END PRIVATE KEY-----
>>> [root@NASTIA-LOG01 ~]# 
>>>
>>> Have I done something wrong?
>>>
>>> Regards,
>>>
>>> Aldo
>>>
>>
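
The mix-up diagnosed in this thread (a private key stored where the X.509 certificate belongs) can be caught before restarting the server by looking at the PEM block labels. This is an added example, not part of the original thread or Graylog's code: the function names are hypothetical, the sample files are constructed with placeholder bodies, and it assumes the key is expected in PKCS#8 form, as written by the `openssl pkcs8 -topk8` command quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): classify PEM blocks before pointing
# *_tls_cert_file / *_tls_key_file at them. Function names are hypothetical.

# Print the label of every "-----BEGIN <label>-----" line in FILE.
pem_labels() {
    sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1"
}

# Succeed if FILE contains a PEM block whose label is exactly LABEL.
has_label() {
    pem_labels "$1" | grep -Fqx "$2"
}

# check_tls_pair CERT_FILE KEY_FILE
# Prints one finding per problem; returns 0 if the pair looks usable, else 1.
check_tls_pair() {
    cert=$1; key=$2; rc=0
    if ! has_label "$cert" "CERTIFICATE"; then
        echo "$cert: no CERTIFICATE block (labels: $(pem_labels "$cert" | tr '\n' ';'))"
        rc=1
    fi
    # A private key inside the certificate file is the mistake diagnosed in the thread.
    if pem_labels "$cert" | grep -q 'PRIVATE KEY$'; then
        echo "$cert: contains a private key; keep key material out of the certificate file"
        rc=1
    fi
    # Assumption: the server wants a PKCS#8 key ("PRIVATE KEY" or "ENCRYPTED PRIVATE KEY").
    if ! has_label "$key" "PRIVATE KEY" && ! has_label "$key" "ENCRYPTED PRIVATE KEY"; then
        echo "$key: no PKCS#8 private key block (labels: $(pem_labels "$key" | tr '\n' ';'))"
        rc=1
    fi
    return $rc
}

# Constructed sample files with placeholder bodies (no real key material).
make_samples() {
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' '[...]' '-----END RSA PRIVATE KEY-----' > "$1/wrong_cert.pem"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' '[...]' '-----END CERTIFICATE-----' > "$1/good_cert.pem"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' '[...]' '-----END PRIVATE KEY-----' > "$1/pkcs8_key.pem"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
check_tls_pair "$demo_dir/wrong_cert.pem" "$demo_dir/pkcs8_key.pem" || echo "=> fix before restarting"
check_tls_pair "$demo_dir/good_cert.pem" "$demo_dir/pkcs8_key.pem" && echo "=> pair looks usable"
rm -rf "$demo_dir"
```

The check only reads block labels; it does not parse the certificate or confirm that the key belongs to it.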
