Changed permissions to 0444 for cert/key files and 0755 for embracing 
folder - restarted without problem.
The issue starts when I login via GUI - attached WARN message - see 
attached file.
Why it refers to my secondary interface (10.0.0.16) and not primary one 
192.168.17.15 ?

Please clarify - what could be wrong?

Cheers
Evgueni
 

On Sunday, October 16, 2016 at 11:24:36 PM UTC-7, Jochen Schalanda wrote:
>
> Hi Evgueni,
>
> On Friday, 14 October 2016 22:32:58 UTC+2, Evgueni Gordienko wrote:
>>
>> I enabled tls and the file graylog complains about is there and hase 0777 
>> permissions set but still I get:
>>
>
> Access permissions of 0777 (readable, writable, and executable for 
> everyone) are a bit too permissive.
>
> The private key and certificate files must simply be readable and the 
> directories must be usable (i. e. readable and executable) by the system 
> user running Graylog (e. g. "graylog" in most cases).
>
> You can check this by running namei -l 
> /etc/graylog/secrets/pkcs8-encrypted.pem.
>
> On Sunday, 16 October 2016 17:16:44 UTC+2, Evgueni Gordienko wrote:
>>
>> But even after that it looks like I'm having same issue as in
>>
>> https://groups.google.com/forum/#!searchin/graylog2/read$20key|sort:relevance/graylog2/V4eqM5ah_ik/wDmRW7JFBQAJ
>>
>
> Which issue is this, specifically?
>
> Cheers,
> Jochen 
>

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/af8c29bc-9a0c-4c05-a1d1-5ef341f9ca61%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
2016-10-17T18:16:39.287Z INFO  [connection] Opened connection 
[connectionId{localValue:4, serverValue:135}] to 192.168.17.15:27017
2016-10-17T18:16:49.167Z WARN  [ProxiedResource] Unable to call 
https://10.0.0.16:9000/api/system/metrics/multiple on node 
<47a1a76e-45e1-4872-bd83-8daa2884fdc4>
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: 
PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to find 
valid certification path to requested target
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) 
~[?:1.8.0_65]
        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949) 
~[?:1.8.0_65]
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302) 
~[?:1.8.0_65]
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) 
~[?:1.8.0_65]
        at 
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509) 
~[?:1.8.0_65]
        at 
sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) 
~[?:1.8.0_65]
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) 
~[?:1.8.0_65]
        at sun.security.ssl.Handshaker.process_record(Handshaker.java:914) 
~[?:1.8.0_65]
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062) 
~[?:1.8.0_65]
        at 
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) 
~[?:1.8.0_65]
        at 
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) 
~[?:1.8.0_65]
        at 
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) 
~[?:1.8.0_65]
        at 
okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:241) 
~[graylog.jar:?]
        at 
okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.java:198)
 ~[graylog.jar:?]
        at 
okhttp3.internal.connection.RealConnection.buildConnection(RealConnection.java:174)
 ~[graylog.jar:?]
        at 
okhttp3.internal.connection.RealConnection.connect(RealConnection.java:114) 
~[graylog.jar:?]
        at 
okhttp3.internal.connection.StreamAllocation.findConnection(StreamAllocation.java:193)
 ~[graylog.jar:?]
        at 
okhttp3.internal.connection.StreamAllocation.findHealthyConnection(StreamAllocation.java:129)
 ~[graylog.jar:?]
        at 
okhttp3.internal.connection.StreamAllocation.newStream(StreamAllocation.java:98)
 ~[graylog.jar:?]
        at 
okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:42)
 ~[graylog.jar:?]
        at 
okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
 ~[graylog.jar:?]
        at 
okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
 ~[graylog.jar:?]
        at 
okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:109) 
~[graylog.jar:?]
        at 
okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
 ~[graylog.jar:?]
        at 
okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
 ~[graylog.jar:?]
        at 
okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93) 
~[graylog.jar:?]
        at 
okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
 ~[graylog.jar:?]
        at 
okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:124)
 ~[graylog.jar:?]
        at 
okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
 ~[graylog.jar:?]
        at 
okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
 ~[graylog.jar:?]
        at 
org.graylog2.rest.RemoteInterfaceProvider.lambda$get$0(RemoteInterfaceProvider.java:59)
 ~[graylog.jar:?]
        at 
okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
 ~[graylog.jar:?]
        at 
okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
 ~[graylog.jar:?]
        at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:170) 
~[graylog.jar:?]
        at okhttp3.RealCall.execute(RealCall.java:60) ~[graylog.jar:?]
        at retrofit2.OkHttpCall.execute(OkHttpCall.java:174) ~[graylog.jar:?]
        at 
org.graylog2.shared.rest.resources.ProxiedResource.lambda$null$0(ProxiedResource.java:76)
 ~[graylog.jar:?]
        at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_65]
        at 
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) 
[?:1.8.0_65]
        at 
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) 
[?:1.8.0_65]
        at java.lang.Thread.run(Thread.java:745) [?:1.8.0_65]
Caused by: sun.security.validator.ValidatorException: PKIX path building 
failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to 
find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387) 
~[?:1.8.0_65]
        at 
sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) 
~[?:1.8.0_65]
        at sun.security.validator.Validator.validate(Validator.java:260) 
~[?:1.8.0_65]
        at 
sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) 
~[?:1.8.0_65]
        at 
sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
 ~[?:1.8.0_65]
        at 
sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
 ~[?:1.8.0_65]
        at 
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491) 
~[?:1.8.0_65]
        ... 36 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable 
to find valid certification path to requested target
        at 
sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:146)
 ~[?:1.8.0_65]
        at 
sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131)
 ~[?:1.8.0_65]
        at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) 
~[?:1.8.0_65]
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382) 
~[?:1.8.0_65]
        at 
sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) 
~[?:1.8.0_65]
        at sun.security.validator.Validator.validate(Validator.java:260) 
~[?:1.8.0_65]
        at 
sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) 
~[?:1.8.0_65]
        at 
sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
 ~[?:1.8.0_65]
        at 
sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
 ~[?:1.8.0_65]
        at 
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491) 
~[?:1.8.0_65]
        ... 36 more

Reply via email to