There is 1 active node a0b027ef / <https://192.168.1.21:9000/system/nodes/a0b027ef-a0aa-40fe-a8fd-7a5a25be4e47> - System information is currently unavailable. - Somthing is still broken because I cannot see the message count move anymore where it says in/out msg/s - All the log for server.log shows is - 2016-06-04T09:52:03.744-04:00 WARN [ProxiedResource] Unable to call https://x.x.x.x:12900/system on node <a0b027ef-a0aa-40fe-a8fd-7a5a25be4e47>, caught exception: Hostname x.x.x.x not verified: certificate: sha256/ DN: EMAILADDRESS= , CN=, OU=IT, O=, L=, ST=NJ, C=US subjectAltNames: [] (class javax.net.ssl.SSLPeerUnverifiedException) On Saturday, June 4, 2016 at 9:48:43 AM UTC-4, John Babio wrote: > > If i delete the input and recreate it I can now get logs and it seems to > be working. Any way to remove the warnings from the server.log about the > cert? > > On Saturday, June 4, 2016 at 9:25:01 AM UTC-4, John Babio wrote: >> >> I imported the key with keytool but still continues to be broken. >> >> On Saturday, June 4, 2016 at 9:06:46 AM UTC-4, John Babio wrote: >>> >>> So once it does finally connect I get (class >>> javax.net.ssl.SSLPeerUnverifiedException) caught exception: Hostname >>> x.x.x.x not verified: >>> certificate: sha256/ >>> Then i cannot start the input to collect syslog. >>> >>> >>> >>> On Tuesday, May 31, 2016 at 6:28:33 PM UTC-4, John Babio wrote: >>>> >>>> *i followed this in the documentation* >>>> Creating a self-signed private key/certificate >>>> >>>> Create PKCS#5 and X.509 certificate: >>>> >>>> $ openssl version >>>> OpenSSL 0.9.8zh 14 Jan 2016 >>>> $ openssl req -x509 -days 365 -nodes -newkey rsa:2048 -keyout >>>> pkcs5-plain.pem -out cert.pem >>>> Generating a 2048 bit RSA private key >>>> ............................+++ >>>> .+++ >>>> writing new private key to 'pkcs5-plain.pem' >>>> ----- >>>> [...] >>>> If you enter '.', the field will be left blank. >>>> ----- >>>> Country Name (2 letter code) [AU]:DE >>>> State or Province Name (full name) [Some-State]:Hamburg >>>> Locality Name (eg, city) []:Hamburg >>>> Organization Name (eg, company) [Internet Widgits Pty Ltd]:Graylog, Inc. >>>> Organizational Unit Name (eg, section) []: >>>> Common Name (e.g. server FQDN or YOUR name) []:graylog.example.com >>>> Email Address []:[email protected] >>>> >>>> Convert PKCS#5 private key into a *plaintext* PKCS#8 private key: >>>> >>>> $ openssl pkcs8 -in pkcs5-plain.pem -topk8 -nocrypt -out pkcs8-plain.pem >>>> *then i added my certs in like explained here.* >>>> >>>> # Enable HTTPS support for the REST API. This secures the communication >>>> with the REST API# using TLS to prevent request forgery and >>>> eavesdropping.rest_enable_tls = true >>>> # The X.509 certificate chain file in PEM format to use for securing the >>>> REST API.rest_tls_cert_file = /path/to/graylog-certificate.pem >>>> # The PKCS#8 private key file in PEM format to use for securing the REST >>>> API.rest_tls_key_file = /path/to/graylog-key.pem >>>> # The password to unlock the private key used for securing the REST >>>> API.rest_tls_key_password = secret >>>> # Enable HTTPS support for the web interface. This secures the >>>> communication the web interface# using TLS to prevent request forgery and >>>> eavesdropping.web_enable_tls = true >>>> # The X.509 certificate chain file in PEM format to use for securing the >>>> web interface.web_tls_cert_file = /path/to/graylog-certificate.pem >>>> # The PKCS#8 private key file in PEM format to use for securing the web >>>> interface.web_tls_key_file = /path/to/graylog-key.pem >>>> # The password to unlock the private key used for securing the web >>>> interface.web_tls_key_password = secret >>>> >>>> When I restart the service everything seems to start ok but when I connect >>>> to the web interface I receive and error connecting to <1.1.1.1:12900> >>>> >>>> the rest api is accessible because if I turn web_tls and rest_tls back off >>>> i can reach everything. >>>> >>>> >>>>
-- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/719b052e-0123-4bff-9eeb-38a65c06f52b%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
