[graylog2] Has any one successfully set up SSL on Graylog 2.0?

[davelcan]

All, 

I have been working on setting up a test instance of Graylog 2.0 for 
several weeks now and I can't seem to make any progress with implementing 
SSL. I have seen a few other posts asking about converting java wallets to 
the new set up of cert and key pair but that doesn't apply I have a new 
cert from a CA. I am pretty sure I have the cert in the correct encoding 
"X.509 certificate with PEM encoding" that the documentation 
<http://docs.graylog.org/en/2.0/pages/configuration/https.html>asks for. I 
can use the command "openssl x509 -in cert.pem -text -noout" to see the 
contents of the cert without issue. I can get Graylog 2.0 running with no 
SSL and with self generated certs but when I use the certs from the CA 
I keep getting the errors below in /var/log/graylog-server/server.log when 
I try to start Graylog 2.0, I can send more of the log if needed. This is 
installed on Oracle Linux Server release 6.7 with Graylog 2.0, 
Elasticsearch, and MongoDB installed from their respective yum repos. Any 
advice would be greatly appreciated, I'm just spinning my wheels at this 
point. 


2016-07-06T14:02:42.862-05:00 ERROR [ServiceManager] Service 
WebInterfaceService [FAILED] has failed in the STARTING state.
java.io.IOException: ObjectIdentifier() -- data isn't an object ID (tag = 
48)
        at 
sun.security.util.ObjectIdentifier.<init>(ObjectIdentifier.java:253) 
~[?:1.8.0_73]
        at sun.security.util.DerInputStream.getOID(DerInputStream.java:281) 
~[?:1.8.0_73]
        at 
com.sun.crypto.provider.PBES2Parameters.engineInit(PBES2Parameters.java:267) 
~[sunjce_provider.jar:1.8.0_71]
        at 
java.security.AlgorithmParameters.init(AlgorithmParameters.java:293) 
~[?:1.8.0_73]
        at sun.security.x509.AlgorithmId.decodeParams(AlgorithmId.java:132) 
~[?:1.8.0_73]
        at sun.security.x509.AlgorithmId.<init>(AlgorithmId.java:114) 
~[?:1.8.0_73]
        at sun.security.x509.AlgorithmId.parse(AlgorithmId.java:372) 
~[?:1.8.0_73]
        at 
javax.crypto.EncryptedPrivateKeyInfo.<init>(EncryptedPrivateKeyInfo.java:95) 
~[?:1.8.0_71]
        at 
org.graylog2.shared.security.tls.PemKeyStore.generateKeySpec(PemKeyStore.java:69)
 
~[graylog.jar:?]
        at 
org.graylog2.shared.security.tls.PemKeyStore.buildKeyStore(PemKeyStore.java:96) 
~[graylog.jar:?]
        at 
org.graylog2.shared.initializers.AbstractJerseyService.buildSslEngineConfigurator(AbstractJerseyService.java:187)
 
~[graylog.jar:?]
        at 
org.graylog2.shared.initializers.AbstractJerseyService.setUp(AbstractJerseyService.java:158)
 
~[graylog.jar:?]
        at 
org.graylog2.initializers.WebInterfaceService.startUp(WebInterfaceService.java:46)
 
~[graylog.jar:?]
        at 
com.google.common.util.concurrent.AbstractIdleService$DelegateService$1.run(AbstractIdleService.java:60)
 
[graylog.jar:?]
        at 
com.google.common.util.concurrent.Callables$3.run(Callables.java:100) 
[graylog.jar:?]
        at java.lang.Thread.run(Thread.java:745) [?:1.8.0_73]
2016-07-06T14:02:42.896-05:00 ERROR [InputSetupService] Not starting any 
inputs because lifecycle is: Uninitialized [LB:DEAD]

2016-07-06T14:02:42.941-05:00 ERROR [ServiceManager] Service 
IndexerSetupService [FAILED] has failed in the STOPPING state.
java.lang.IllegalStateException: Can't move to started state when closed
        at 
org.elasticsearch.common.component.Lifecycle.moveToStarted(Lifecycle.java:130) 
~[graylog.jar:?]
        at 
org.elasticsearch.common.component.AbstractLifecycleComponent.start(AbstractLifecycleComponent.java:69)
 
~[graylog.jar:?]
        at 
org.elasticsearch.transport.TransportService.doStart(TransportService.java:182) 
~[graylog.jar:?]
        at 
org.elasticsearch.common.component.AbstractLifecycleComponent.start(AbstractLifecycleComponent.java:68)
 
~[graylog.jar:?]
        at org.elasticsearch.node.Node.start(Node.java:278) ~[graylog.jar:?]
        at 
org.graylog2.initializers.IndexerSetupService.startUp(IndexerSetupService.java:114)
 
~[graylog.jar:?]
        at 
com.google.common.util.concurrent.AbstractIdleService$DelegateService$1.run(AbstractIdleService.java:60)
 
[graylog.jar:?]
        at 
com.google.common.util.concurrent.Callables$3.run(Callables.java:100) 
[graylog.jar:?]
        at java.lang.Thread.run(Thread.java:745) [?:1.8.0_73]


2016-07-06T14:02:43.202-05:00 ERROR [ServiceManager] Service RestApiService 
[FAILED] has failed in the STOPPING state.
java.io.IOException: ObjectIdentifier() -- data isn't an object ID (tag = 
48)
        at 
sun.security.util.ObjectIdentifier.<init>(ObjectIdentifier.java:253) 
~[?:1.8.0_73]
        at sun.security.util.DerInputStream.getOID(DerInputStream.java:281) 
~[?:1.8.0_73]
        at 
com.sun.crypto.provider.PBES2Parameters.engineInit(PBES2Parameters.java:267) 
~[sunjce_provider.jar:1.8.0_71]
        at 
java.security.AlgorithmParameters.init(AlgorithmParameters.java:293) 
~[?:1.8.0_73]
        at sun.security.x509.AlgorithmId.decodeParams(AlgorithmId.java:132) 
~[?:1.8.0_73]
        at sun.security.x509.AlgorithmId.<init>(AlgorithmId.java:114) 
~[?:1.8.0_73]
        at sun.security.x509.AlgorithmId.parse(AlgorithmId.java:372) 
~[?:1.8.0_73]
        at 
javax.crypto.EncryptedPrivateKeyInfo.<init>(EncryptedPrivateKeyInfo.java:95) 
~[?:1.8.0_71]
        at 
org.graylog2.shared.security.tls.PemKeyStore.generateKeySpec(PemKeyStore.java:69)
 
~[graylog.jar:?]
        at 
org.graylog2.shared.security.tls.PemKeyStore.buildKeyStore(PemKeyStore.java:96) 
~[graylog.jar:?]
        at 
org.graylog2.shared.initializers.AbstractJerseyService.buildSslEngineConfigurator(AbstractJerseyService.java:187)
 
~[graylog.jar:?]
        at 
org.graylog2.shared.initializers.AbstractJerseyService.setUp(AbstractJerseyService.java:158)
 
~[graylog.jar:?]
        at 
org.graylog2.shared.initializers.RestApiService.startUp(RestApiService.java:65) 
~[graylog.jar:?]
        at 
com.google.common.util.concurrent.AbstractIdleService$DelegateService$1.run(AbstractIdleService.java:60)
 
[graylog.jar:?]
        at 
com.google.common.util.concurrent.Callables$3.run(Callables.java:100) 
[graylog.jar:?]
        at java.lang.Thread.run(Thread.java:745) [?:1.8.0_73]
2016-07-06T14:02:43.206-05:00 ERROR [ServerBootstrap] Graylog startup 
failed. Exiting. Exception was:
java.lang.IllegalStateException: Expected to be healthy after starting. The 
following services are not running: {STARTING=[RestApiService [STARTING], 
IndexerSetupService [STARTING]], FAILED=[WebInterfaceService [FAILED]]}
        at 
com.google.common.util.concurrent.ServiceManager$ServiceManagerState.checkHealthy(ServiceManager.java:713)
 
~[graylog.jar:?]
        at 
com.google.common.util.concurrent.ServiceManager$ServiceManagerState.awaitHealthy(ServiceManager.java:542)
 
~[graylog.jar:?]
        at 
com.google.common.util.concurrent.ServiceManager.awaitHealthy(ServiceManager.java:299)
 
~[graylog.jar:?]
        at 
org.graylog2.bootstrap.ServerBootstrap.startCommand(ServerBootstrap.java:129) 
[graylog.jar:?]
        at org.graylog2.bootstrap.CmdLineTool.run(CmdLineTool.java:209) 
[graylog.jar:?]
        at org.graylog2.bootstrap.Main.main(Main.java:44) [graylog.jar:?]


--Dave C. 

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/928df841-5361-45a8-ad75-419fe77e089d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.