So I managed to resolve the issue with the private key in step 7 of my first post, and proceeded and completed step 9 above and imported the self-signed cert into the copied cacerts.jks. I cannot query the new cacert.jks though, as it gives this error:

    keytool -keystore ./cacerts.jks -list |grep graylog-self-signed
    keytool error: java.security.cert.CertificateParsingException: java.io.IOException: RFC822Name may not be null or empty

Since I get the same error when querying the main /usr/java/jdk1.8/.../cacerts.jks, I decided to proceed.
However, restarting graylog-server still doesn't work, as I keep getting this error:

    Server currently unavailable
    We are experiencing problems connecting to the Graylog server running on https://graylog-web01:12900/
    Please verify that the server is healthy and working correctly.
    You will be automatically redirected to the previous page once we can connect to the server.

Also, I switched to using just one graylog-server, which is the simplest case (1 graylog server with https setup), to see if just https works, and I'm seeing another weird behavior. In graylog-server/server.conf I set

    rest_listen_uri = https://graylog-web01
    web_listen_uri = https://graylog-web01
    rest_enable_tls = true
    web_enable_tls = true

(I left the is_master=true in there.) I didn't point it to my self-signed cert, as the doc says it will generate its own, which it did, checking the cert presented in the browser. However, when connecting to https://graylog-web01:9000 I get the same Server Unavailable error. What's interesting is that More Details shows

    Error message: Bad request
    Original Request: GET https://graylog-web01:12900/system/sessions
    Status code: undefined
    Full error message: Error: Request has been terminated Possible causes: the network is offline, Origin is not allowed by Access-Control-Allow-Origin, the page is being unloaded, etc.

But if I open a new tab and go to https://graylog-web01:12900/system/sessions, then I get " {"is_valid":false}" in that tab. And the other tab with the main graylog web interface then starts working for the most part. System -> Logging or System -> Nodes fails with a picture of a monkey with a banana hat (!?) when querying the node.
Logs show

    2016-07-28T09:34:46.954-04:00 WARN [ProxiedResource] Unable to call https://graylog-web01:12900/system/metrics/multiple on node <90a4086e-d119-...>, caught exception: java.security.cert.CertificateException: No X509TrustManager implementation available (class javax.net.ssl.SSLHandshakeException)

*What is going wrong here and what is the fix and proper way to get https going with graylog 2.0.2? Also has anyone else managed to get it working behind a load balancer like haproxy (with ssl passthrough or ssl termination)*

Note that without ssl, everything works well via haproxy load_balancer to 2 graylog-web app clusters and 3 backend ES nodes and mongodb on 2 graylog-app cluster + 1 mongod arbiter on load_balancer node.

Thanks,
