Re: [graylog2] Feature request - SSL validator as an option

2016-07-25 Thread Jan Doberstein 
Hej Mathieu,


I have upgraded my platform to Graylog 2.0.3 and changed some 
configuration items and my reverse proxies to use both the web interface 
and the REST one. 

As a consequence the web interface now uses a signed SSL certificate 
(https://graylog.example.com) and the webservices gateway does not 
(self-signed one, https://graylog-ws.example.com).

wouldn’t help this in your situation?

http://docs.graylog.org/en/2.0/pages/configuration/https.html#adding-a-self-signed-certificate-to-the-jvm-trust-store


With kind regards
Jan

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/etPan.5795e60d.39274516.a87%40jalogisch.de.
For more options, visit https://groups.google.com/d/optout.


signature.asc
Description: Message signed with OpenPGP using AMPGpg

[graylog2] Feature request - SSL validator as an option

2016-07-25 Thread Grzybek Mathieu CNE (GAE BCQ STIG CTGN) 

Dear all,

I have upgraded my platform to Graylog 2.0.3 and changed some 
configuration items and my reverse proxies to use both the web interface 
and the REST one.


As a consequence the web interface now uses a signed SSL certificate 
(https://graylog.example.com) and the webservices gateway does not 
(self-signed one, https://graylog-ws.example.com). Many error messages 
are now written in the server.log file:


WARN  [ProxiedResource] Unable to call 
https://***/system/metrics/multiple on node 
<9c0311bc-3d18-44bd-8011-2952926f0f7c>, caught exception: 
sun.security.validator.ValidatorException: PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to 
find valid certification path to requested target (class 
javax.net.ssl.SSLHandshakeException)


Two ideas come to my mind :
1. beeing able to skip the certificate validation (bad idea...)
2. beeing able to give the certificate details to the Graylog node to 
pass the validation process


What do you think ?

Mathieu

--
Le capitaine Mathieu GRZYBEK
COMSOPGN / STIG / BCQ / GAE
Fort de Rosny
Avenue Théophile Sueur
93111 Rosny-sous-Bois Cedex
France
Tel: +33 (0) 158 665 225

--
Message envoyé grâce à OBM , la Communication Libre par 
Linagora 


--
You received this message because you are subscribed to the Google Groups "Graylog 
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/5795DF4D.9060204%40gendarmerie.interieur.gouv.fr.
For more options, visit https://groups.google.com/d/optout.
Ce message électronique et tous les fichiers attachés qu'il contient sont 
confidentiels et destinés exclusivement à l'usage de la personne à laquelle ils 
sont adressés. Si vous avez reçu ce message par erreur, merci de le retourner à 
son émetteur. La publication, l'usage, la distribution, l'impression ou la 
copie non autorisée de ce message et des attachements qu'il contient sont 
strictement interdits.

En cas d'urgence, composez le 17 ou le 112.
Afin de contribuer au respect de l'environnement, merci de n'imprimer cet 
e-mail qu'en cas de necessite.

This e-mail and any files transmitted with it are confidential and intended 
solely for the use of the individual to whom it is addressed. If you have 
received this email in error please send it back to the person that sent it to 
you. Unauthorized publication, use, dissemination, forwarding, printing or 
copying of this email and its associated attachments is strictly prohibited.

In case of emergency, dial number 17 or 112.
To contribute to the environmental protection, please print this e-mail only if 
necessary. 

-- 
You received this message because you are subscribed to the Google Groups 
"Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to graylog2+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/graylog2/5795DF4D.9060204%40gendarmerie.interieur.gouv.fr.
For more options, visit https://groups.google.com/d/optout.