[graylog2] Re: Requesting help with setting up ssl with graylog 2.0.2. Error in getting pkcs5.pem key properly

2016-07-28 Thread ironmanmk42
So I managed to resolve the issue with the private key in step 7 of my first 
post and proceeded and completed step 9 above and imported the self-signed 
cert into the copied cacerts.jks.
(I cannot query the new cacert.jks though as it gives this error 
keytool -keystore ./cacerts.jks  -list |grep graylog-self-signed
keytool error: java.security.cert.CertificateParsingException: 
java.io.IOException: RFC822Name may not be null or empty 
). Since I get the same error when querying the main 
/usr/java/jdk1.8/.../cacerts.jks I decided to proceed. 

However restarting graylog-server doesn't work still as I keep getting this 
error -
Server currently unavailable

We are experiencing problems connecting to the Graylog server running on 
https://graylog-web01:12900/

Please verify that the server is healthy and working correctly.

You will be automatically redirected to the previous page once we can 
connect to the server.



Also, I switched to using just one graylog-server which is the simplest 
case - 1 graylog server with https setup,  to see if just https works and 
I'm seeing another weird behavior - 

in graylog-server/server.conf I set 

rest_listen_uri = https://graylog-web01

web_listen_uri = https://graylog-web01

rest_enable_tls = true
web_enable_tls = true

(I left the is_master=true in there)

I didn't point it to my self signed cert as the doc says it will generate 
its own which it did checking the browser presented cert. 

However, when connecting to https://graylog-web01:9000 I get the same 
Server Unavailable error. 

What's interesting is that More Details shows 

Error message

Bad request

Original Request
GET https://graylog-web01:12900/system/sessions

Status code
undefined

Full error message
Error: Request has been terminated Possible causes: the network is offline, 
Origin is not allowed by Access-Control-Allow-Origin, the page is being 
unloaded, etc.


But if I open a new tab and go to https://graylog-web01:12900/system/sessions, 
then I get {"is_valid":false} in that tab.

And the other tab with the main graylog web interface then starts working for 
the most part. 

System -> Logging or System -> Nodes fails with a picture of a monkey with a 
banana hat (!?) when querying the node. 
Logs show
2016-07-28T09:34:46.954-04:00 WARN  [ProxiedResource] Unable to call 
https://graylog-web01:12900/system/metrics/multiple on node 
<90a4086e-d119-...>, caught exception: java.security.cert.CertificateException: 
No X509TrustManager implementation available (class 
javax.net.ssl.SSLHandshakeException)





*What is going wrong here and what is the fix and proper way to get https going 
with graylog 2.0.2? Also has anyone else managed to get it working behind a 
load balancer like haproxy (with ssl passthrough or ssl termination)?*

Note that without ssl, everything works well via haproxy load_balancer to 2 
graylog-web app clusters and 3 backend ES nodes and mongodb on 2 graylog-app 
cluster + 1 mongod arbiter on load_balancer node. 

Thanks, 




[graylog2] Re: Requesting help with setting up ssl with graylog 2.0.2. Error in getting pkcs5.pem key properly

2016-07-27 Thread ironmanmk42
Hello, 

Can someone who's familiar with the https setup for graylog please assist 
with above. The error is in step 07 above getting the private key. 

Thanks, 
