*i followed this in the documentation* Creating a self-signed private key/certificate
Create PKCS#5 and X.509 certificate: $ openssl version OpenSSL 0.9.8zh 14 Jan 2016 $ openssl req -x509 -days 365 -nodes -newkey rsa:2048 -keyout pkcs5-plain.pem -out cert.pem Generating a 2048 bit RSA private key ............................+++ .+++ writing new private key to 'pkcs5-plain.pem' ----- [...] If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:DE State or Province Name (full name) [Some-State]:Hamburg Locality Name (eg, city) []:Hamburg Organization Name (eg, company) [Internet Widgits Pty Ltd]:Graylog, Inc. Organizational Unit Name (eg, section) []: Common Name (e.g. server FQDN or YOUR name) []:graylog.example.com Email Address []:[email protected] Convert PKCS#5 private key into a *plaintext* PKCS#8 private key: $ openssl pkcs8 -in pkcs5-plain.pem -topk8 -nocrypt -out pkcs8-plain.pem *then i added my certs in like explained here.* # Enable HTTPS support for the REST API. This secures the communication with the REST API# using TLS to prevent request forgery and eavesdropping.rest_enable_tls = true # The X.509 certificate chain file in PEM format to use for securing the REST API.rest_tls_cert_file = /path/to/graylog-certificate.pem # The PKCS#8 private key file in PEM format to use for securing the REST API.rest_tls_key_file = /path/to/graylog-key.pem # The password to unlock the private key used for securing the REST API.rest_tls_key_password = secret # Enable HTTPS support for the web interface. This secures the communication the web interface# using TLS to prevent request forgery and eavesdropping.web_enable_tls = true # The X.509 certificate chain file in PEM format to use for securing the web interface.web_tls_cert_file = /path/to/graylog-certificate.pem # The PKCS#8 private key file in PEM format to use for securing the web interface.web_tls_key_file = /path/to/graylog-key.pem # The password to unlock the private key used for securing the web interface.web_tls_key_password = secret When I restart the service everything seems to start ok but when I connect to the web interface I receive and error connecting to <1.1.1.1:12900> the rest api is accessible because if I turn web_tls and rest_tls back off i can reach everything. -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/6e646984-f8aa-4ff3-ac63-346e5430a454%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
