Hi Dave, the error message looks like the private key is in an incompatible or invalid format which Graylog can't process.
Could you please share your Graylog configuration (the rest_* and web_* settings should be sufficient) and the output of the following OpenSSL command:

    openssl rsa -noout -check -inform pem -in /path/to/private.key

Cheers,
Jochen

On Wednesday, 6 July 2016 21:42:47 UTC+2, [email protected] wrote:
>
> All,
>
> I have been working on setting up a test instance of Graylog 2.0 for several weeks now and I can't seem to make any progress with implementing SSL. I have seen a few other posts asking about converting Java wallets to the new set up of cert and key pair, but that doesn't apply; I have a new cert from a CA. I am pretty sure I have the cert in the correct encoding, "X.509 certificate with PEM encoding", that the documentation <http://docs.graylog.org/en/2.0/pages/configuration/https.html> asks for. I can use the command "openssl x509 -in cert.pem -text -noout" to see the contents of the cert without issue. I can get Graylog 2.0 running with no SSL and with self generated certs, but when I use the certs from the CA I keep getting the errors below in /var/log/graylog-server/server.log when I try to start Graylog 2.0. I can send more of the log if needed. This is installed on Oracle Linux Server release 6.7 with Graylog 2.0, Elasticsearch, and MongoDB installed from their respective yum repos. Any advice would be greatly appreciated, I'm just spinning my wheels at this point.
>
> 2016-07-06T14:02:42.862-05:00 ERROR [ServiceManager] Service WebInterfaceService [FAILED] has failed in the STARTING state.
> java.io.IOException: ObjectIdentifier() -- data isn't an object ID (tag = 48)
>     at sun.security.util.ObjectIdentifier.<init>(ObjectIdentifier.java:253) ~[?:1.8.0_73]
>     at sun.security.util.DerInputStream.getOID(DerInputStream.java:281) ~[?:1.8.0_73]
>     at com.sun.crypto.provider.PBES2Parameters.engineInit(PBES2Parameters.java:267) ~[sunjce_provider.jar:1.8.0_71]
>     at java.security.AlgorithmParameters.init(AlgorithmParameters.java:293) ~[?:1.8.0_73]
>     at sun.security.x509.AlgorithmId.decodeParams(AlgorithmId.java:132) ~[?:1.8.0_73]
>     at sun.security.x509.AlgorithmId.<init>(AlgorithmId.java:114) ~[?:1.8.0_73]
>     at sun.security.x509.AlgorithmId.parse(AlgorithmId.java:372) ~[?:1.8.0_73]
>     at javax.crypto.EncryptedPrivateKeyInfo.<init>(EncryptedPrivateKeyInfo.java:95) ~[?:1.8.0_71]
>     at org.graylog2.shared.security.tls.PemKeyStore.generateKeySpec(PemKeyStore.java:69) ~[graylog.jar:?]
>     at org.graylog2.shared.security.tls.PemKeyStore.buildKeyStore(PemKeyStore.java:96) ~[graylog.jar:?]
>     at org.graylog2.shared.initializers.AbstractJerseyService.buildSslEngineConfigurator(AbstractJerseyService.java:187) ~[graylog.jar:?]
>     at org.graylog2.shared.initializers.AbstractJerseyService.setUp(AbstractJerseyService.java:158) ~[graylog.jar:?]
>     at org.graylog2.initializers.WebInterfaceService.startUp(WebInterfaceService.java:46) ~[graylog.jar:?]
>     at com.google.common.util.concurrent.AbstractIdleService$DelegateService$1.run(AbstractIdleService.java:60) [graylog.jar:?]
>     at com.google.common.util.concurrent.Callables$3.run(Callables.java:100) [graylog.jar:?]
>     at java.lang.Thread.run(Thread.java:745) [?:1.8.0_73]
> 2016-07-06T14:02:42.896-05:00 ERROR [InputSetupService] Not starting any inputs because lifecycle is: Uninitialized [LB:DEAD]
>
> 2016-07-06T14:02:42.941-05:00 ERROR [ServiceManager] Service IndexerSetupService [FAILED] has failed in the STOPPING state.
> java.lang.IllegalStateException: Can't move to started state when closed
>     at org.elasticsearch.common.component.Lifecycle.moveToStarted(Lifecycle.java:130) ~[graylog.jar:?]
>     at org.elasticsearch.common.component.AbstractLifecycleComponent.start(AbstractLifecycleComponent.java:69) ~[graylog.jar:?]
>     at org.elasticsearch.transport.TransportService.doStart(TransportService.java:182) ~[graylog.jar:?]
>     at org.elasticsearch.common.component.AbstractLifecycleComponent.start(AbstractLifecycleComponent.java:68) ~[graylog.jar:?]
>     at org.elasticsearch.node.Node.start(Node.java:278) ~[graylog.jar:?]
>     at org.graylog2.initializers.IndexerSetupService.startUp(IndexerSetupService.java:114) ~[graylog.jar:?]
>     at com.google.common.util.concurrent.AbstractIdleService$DelegateService$1.run(AbstractIdleService.java:60) [graylog.jar:?]
>     at com.google.common.util.concurrent.Callables$3.run(Callables.java:100) [graylog.jar:?]
>     at java.lang.Thread.run(Thread.java:745) [?:1.8.0_73]
>
> 2016-07-06T14:02:43.202-05:00 ERROR [ServiceManager] Service RestApiService [FAILED] has failed in the STOPPING state.
> java.io.IOException: ObjectIdentifier() -- data isn't an object ID (tag = 48)
>     at sun.security.util.ObjectIdentifier.<init>(ObjectIdentifier.java:253) ~[?:1.8.0_73]
>     at sun.security.util.DerInputStream.getOID(DerInputStream.java:281) ~[?:1.8.0_73]
>     at com.sun.crypto.provider.PBES2Parameters.engineInit(PBES2Parameters.java:267) ~[sunjce_provider.jar:1.8.0_71]
>     at java.security.AlgorithmParameters.init(AlgorithmParameters.java:293) ~[?:1.8.0_73]
>     at sun.security.x509.AlgorithmId.decodeParams(AlgorithmId.java:132) ~[?:1.8.0_73]
>     at sun.security.x509.AlgorithmId.<init>(AlgorithmId.java:114) ~[?:1.8.0_73]
>     at sun.security.x509.AlgorithmId.parse(AlgorithmId.java:372) ~[?:1.8.0_73]
>     at javax.crypto.EncryptedPrivateKeyInfo.<init>(EncryptedPrivateKeyInfo.java:95) ~[?:1.8.0_71]
>     at org.graylog2.shared.security.tls.PemKeyStore.generateKeySpec(PemKeyStore.java:69) ~[graylog.jar:?]
>     at org.graylog2.shared.security.tls.PemKeyStore.buildKeyStore(PemKeyStore.java:96) ~[graylog.jar:?]
>     at org.graylog2.shared.initializers.AbstractJerseyService.buildSslEngineConfigurator(AbstractJerseyService.java:187) ~[graylog.jar:?]
>     at org.graylog2.shared.initializers.AbstractJerseyService.setUp(AbstractJerseyService.java:158) ~[graylog.jar:?]
>     at org.graylog2.shared.initializers.RestApiService.startUp(RestApiService.java:65) ~[graylog.jar:?]
>     at com.google.common.util.concurrent.AbstractIdleService$DelegateService$1.run(AbstractIdleService.java:60) [graylog.jar:?]
>     at com.google.common.util.concurrent.Callables$3.run(Callables.java:100) [graylog.jar:?]
>     at java.lang.Thread.run(Thread.java:745) [?:1.8.0_73]
> 2016-07-06T14:02:43.206-05:00 ERROR [ServerBootstrap] Graylog startup failed. Exiting. Exception was:
> java.lang.IllegalStateException: Expected to be healthy after starting.
> The following services are not running: {STARTING=[RestApiService [STARTING], IndexerSetupService [STARTING]], FAILED=[WebInterfaceService [FAILED]]}
>     at com.google.common.util.concurrent.ServiceManager$ServiceManagerState.checkHealthy(ServiceManager.java:713) ~[graylog.jar:?]
>     at com.google.common.util.concurrent.ServiceManager$ServiceManagerState.awaitHealthy(ServiceManager.java:542) ~[graylog.jar:?]
>     at com.google.common.util.concurrent.ServiceManager.awaitHealthy(ServiceManager.java:299) ~[graylog.jar:?]
>     at org.graylog2.bootstrap.ServerBootstrap.startCommand(ServerBootstrap.java:129) [graylog.jar:?]
>     at org.graylog2.bootstrap.CmdLineTool.run(CmdLineTool.java:209) [graylog.jar:?]
>     at org.graylog2.bootstrap.Main.main(Main.java:44) [graylog.jar:?]
>
> --Dave C.
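
Added example (not part of the original thread and not Graylog code): both failing services stop inside javax.crypto.EncryptedPrivateKeyInfo while initialising PBES2Parameters, so the JVM was decoding the key file as an encrypted PKCS#8 structure; tag 48 is 0x30, a DER SEQUENCE. This Python code reports which container a PEM key uses and, for encrypted PKCS#8, which encryption scheme OID it declares. The names `classify_key`, `read_tlv`, `decode_oid` and `sample_pem` are hypothetical, and the sample input is a constructed structure holding dummy ciphertext, not a real key.

```python
import base64
import re

PBES2_OID = "1.2.840.113549.1.5.13"  # id-PBES2 from PKCS#5 v2
PLAIN = {"RSA PRIVATE KEY": "PKCS#1 RSA key", "PRIVATE KEY": "PKCS#8, unencrypted"}
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def read_tlv(buf, pos, want):
    """Return (value_start, value_end) of the DER element at pos, whose tag must be want."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if tag != want or pos + length > len(buf):
        raise ValueError(f"bad DER: tag {tag:#x} where {want:#x} expected, or truncated")
    return pos, pos + length

def decode_oid(body):
    """Turn OBJECT IDENTIFIER content bytes into dotted notation."""
    arcs, value = [], 0
    for byte in body:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear marks the last byte of an arc
            arcs.append(value)
            value = 0
    head = divmod(arcs[0], 40) if arcs[0] < 80 else (2, arcs[0] - 80)
    return ".".join(str(a) for a in (*head, *arcs[1:]))

def classify_key(pem_text):
    """Name the private-key container found in a PEM string."""
    match = PEM_RE.search(pem_text)
    if not match:
        return "no PEM block"
    label, b64 = match.groups()
    if label != "ENCRYPTED PRIVATE KEY":
        return PLAIN.get(label, "not a private key: " + label)
    der = base64.b64decode(b64)
    # EncryptedPrivateKeyInfo ::= SEQUENCE { AlgorithmIdentifier, OCTET STRING }
    start, _ = read_tlv(der, 0, 0x30)        # outer SEQUENCE
    start, _ = read_tlv(der, start, 0x30)    # AlgorithmIdentifier SEQUENCE
    start, end = read_tlv(der, start, 0x06)  # algorithm OBJECT IDENTIFIER
    oid = decode_oid(der[start:end])
    return "PKCS#8, encrypted with " + ("PBES2" if oid == PBES2_OID else oid)

def sample_pem(oid_bytes):  # constructed input: EncryptedPrivateKeyInfo shell, dummy ciphertext
    tlv = lambda tag, body: bytes([tag, len(body)]) + body
    der = tlv(0x30, tlv(0x30, tlv(0x06, oid_bytes) + tlv(0x30, b"")) + tlv(0x04, bytes(16)))
    body = base64.encodebytes(der).decode()
    return f"-----BEGIN ENCRYPTED PRIVATE KEY-----\n{body}-----END ENCRYPTED PRIVATE KEY-----\n"
```

To check a real file, pass its text, for example `classify_key(open("/path/to/private.key").read())`; the key material itself is never decrypted or printed.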
