If i delete the input and recreate it I can now get logs and it seems to be working. Any way to remove the warnings from the server.log about the cert?
On Saturday, June 4, 2016 at 9:25:01 AM UTC-4, John Babio wrote: > > I imported the key with keytool but still continues to be broken. > > On Saturday, June 4, 2016 at 9:06:46 AM UTC-4, John Babio wrote: >> >> So once it does finally connect I get (class >> javax.net.ssl.SSLPeerUnverifiedException) caught exception: Hostname >> x.x.x.x not verified: >> certificate: sha256/ >> Then i cannot start the input to collect syslog. >> >> >> >> On Tuesday, May 31, 2016 at 6:28:33 PM UTC-4, John Babio wrote: >>> >>> *i followed this in the documentation* >>> Creating a self-signed private key/certificate >>> >>> Create PKCS#5 and X.509 certificate: >>> >>> $ openssl version >>> OpenSSL 0.9.8zh 14 Jan 2016 >>> $ openssl req -x509 -days 365 -nodes -newkey rsa:2048 -keyout >>> pkcs5-plain.pem -out cert.pem >>> Generating a 2048 bit RSA private key >>> ............................+++ >>> .+++ >>> writing new private key to 'pkcs5-plain.pem' >>> ----- >>> [...] >>> If you enter '.', the field will be left blank. >>> ----- >>> Country Name (2 letter code) [AU]:DE >>> State or Province Name (full name) [Some-State]:Hamburg >>> Locality Name (eg, city) []:Hamburg >>> Organization Name (eg, company) [Internet Widgits Pty Ltd]:Graylog, Inc. >>> Organizational Unit Name (eg, section) []: >>> Common Name (e.g. server FQDN or YOUR name) []:graylog.example.com >>> Email Address []:[email protected] >>> >>> Convert PKCS#5 private key into a *plaintext* PKCS#8 private key: >>> >>> $ openssl pkcs8 -in pkcs5-plain.pem -topk8 -nocrypt -out pkcs8-plain.pem >>> *then i added my certs in like explained here.* >>> >>> # Enable HTTPS support for the REST API. This secures the communication >>> with the REST API# using TLS to prevent request forgery and >>> eavesdropping.rest_enable_tls = true >>> # The X.509 certificate chain file in PEM format to use for securing the >>> REST API.rest_tls_cert_file = /path/to/graylog-certificate.pem >>> # The PKCS#8 private key file in PEM format to use for securing the REST >>> API.rest_tls_key_file = /path/to/graylog-key.pem >>> # The password to unlock the private key used for securing the REST >>> API.rest_tls_key_password = secret >>> # Enable HTTPS support for the web interface. This secures the >>> communication the web interface# using TLS to prevent request forgery and >>> eavesdropping.web_enable_tls = true >>> # The X.509 certificate chain file in PEM format to use for securing the >>> web interface.web_tls_cert_file = /path/to/graylog-certificate.pem >>> # The PKCS#8 private key file in PEM format to use for securing the web >>> interface.web_tls_key_file = /path/to/graylog-key.pem >>> # The password to unlock the private key used for securing the web >>> interface.web_tls_key_password = secret >>> >>> When I restart the service everything seems to start ok but when I connect >>> to the web interface I receive and error connecting to <1.1.1.1:12900> >>> >>> the rest api is accessible because if I turn web_tls and rest_tls back off >>> i can reach everything. >>> >>> >>> -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/1d6c39c5-bada-4d1f-b7a8-4c9c6c716dc7%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
