Not sure what happened but I changed the permissions days agop on both keys including the private key. I checked today and root was the owner of the private key. ;-/ its working now Thanks guys!
On Tuesday, May 31, 2016 at 6:28:33 PM UTC-4, John Babio wrote: > > *i followed this in the documentation* > Creating a self-signed private key/certificate > > Create PKCS#5 and X.509 certificate: > > $ openssl version > OpenSSL 0.9.8zh 14 Jan 2016 > $ openssl req -x509 -days 365 -nodes -newkey rsa:2048 -keyout pkcs5-plain.pem > -out cert.pem > Generating a 2048 bit RSA private key > ............................+++ > .+++ > writing new private key to 'pkcs5-plain.pem' > ----- > [...] > If you enter '.', the field will be left blank. > ----- > Country Name (2 letter code) [AU]:DE > State or Province Name (full name) [Some-State]:Hamburg > Locality Name (eg, city) []:Hamburg > Organization Name (eg, company) [Internet Widgits Pty Ltd]:Graylog, Inc. > Organizational Unit Name (eg, section) []: > Common Name (e.g. server FQDN or YOUR name) []:graylog.example.com > Email Address []:[email protected] > > Convert PKCS#5 private key into a *plaintext* PKCS#8 private key: > > $ openssl pkcs8 -in pkcs5-plain.pem -topk8 -nocrypt -out pkcs8-plain.pem > *then i added my certs in like explained here.* > > # Enable HTTPS support for the REST API. This secures the communication with > the REST API# using TLS to prevent request forgery and > eavesdropping.rest_enable_tls = true > # The X.509 certificate chain file in PEM format to use for securing the REST > API.rest_tls_cert_file = /path/to/graylog-certificate.pem > # The PKCS#8 private key file in PEM format to use for securing the REST > API.rest_tls_key_file = /path/to/graylog-key.pem > # The password to unlock the private key used for securing the REST > API.rest_tls_key_password = secret > # Enable HTTPS support for the web interface. This secures the communication > the web interface# using TLS to prevent request forgery and > eavesdropping.web_enable_tls = true > # The X.509 certificate chain file in PEM format to use for securing the web > interface.web_tls_cert_file = /path/to/graylog-certificate.pem > # The PKCS#8 private key file in PEM format to use for securing the web > interface.web_tls_key_file = /path/to/graylog-key.pem > # The password to unlock the private key used for securing the web > interface.web_tls_key_password = secret > > When I restart the service everything seems to start ok but when I connect to > the web interface I receive and error connecting to <1.1.1.1:12900> > > the rest api is accessible because if I turn web_tls and rest_tls back off i > can reach everything. > > > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/eef847d2-5a04-4a22-aad0-8404d42a8203%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
