Hi Jochen,
Here are the commands that I pass to put my server graylog in HTTPS: 1- openssl req -x509 -days 7300 -nodes -newkey rsa:2048 -keyout graylogkey.pem -out graycert.pem 2- openssl pkcs8 -in graylogkey.pem -topk8 -nocrypt -out graykey.pem 3- configuration this server.conf: rest_enable_tls = true rest_tls_cert_file = /path/to/graycert.pem rest_tls_key_file = /path/to/graylog-key.pem web_enable_tls = true web_tls_cert_file = /path/to/graycert.pem web_tls_key_file = /path/to/graykey.pem I have not set a password for the keys yet. 4 - keytool -importcert -keystore /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-0.b13.el7_3.x86_64-debug/jre/lib/security/cacerts -storepass changeit -alias graylog-self-signed -file graycert.pem 5 - Verify that the certificate has been added: keytool -keystore /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-0.b13.el7_3.x86_64-debug/jre/lib/security/cacerts -storepass changeit -list | grep graylog-self-signed -A1 answer: graylog-self-signed, 2 févr. 2017, trustedCertEntry, Empreinte du certificat (SHA1) : 78:1B:E5:57:92:7C:65:43:69:E2:4E:20:34:E3:BB:7D:F7:33:D8:08 6- Addition of the instruction in the jvm trust: GRAYLOG_SERVER_JAVA_OPTS="-Djavax.net.ssl.trustStore=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-0.b13.el7_3.x86_64-debug/jre/lib/security/cacerts" 7- restart the server The error message appears when connecting to the web page. The inputs and outputs do not work, they are in not running mode. Is my configuration good? Thank =) -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/73a0db75-1713-466a-acdf-3d98c3137b51%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
