[graylog2] Re: javax.net.ssl.SSLPeerUnverifiedException: Hostname 10.22.5.24 not verified - https
Hi Thank you very much it is good rest_transport_uri which(who) was badly configured =) I already have try to configure him(it) but in vain Meric very once again In the next one Jochen -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/b2eff5ef-aa51-41ac-bfe1-fb4232e4032f%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] Re: javax.net.ssl.SSLPeerUnverifiedException: Hostname 10.22.5.24 not verified - https
Hi Giwenn, On Friday, 3 February 2017 10:04:51 UTC+1, Giwenn Launay wrote: > > It's good? > As long as you're using serv-XXX-log-2.XXX.XXX.com in your rest_transport_uri setting, it should be fine. Cheers, Jochen -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/e55b0f9e-45db-4862-ac0a-581783afffdb%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] Re: javax.net.ssl.SSLPeerUnverifiedException: Hostname 10.22.5.24 not verified - https
And this is what I puts when I to create my certificate: Country Name (2 letter code) [XX]:FR State or Province Name (full name) []:France Locality Name (eg, city) [Default City]:XXX Organization Name (eg, company) [Default Company Ltd]: Organizational Unit Name (eg, section) []:Info Common Name (eg, your name or your server's hostname) []:serv-XXX-log-2.XXX.XXX.com Email Address []:xxx.x...@xxx.com [root@serv-cor-log-2 certificate]# hostname -f serv-XXX-log-2.XXX.XXX.com [root@serv-cor-log-2 certificate]# It's good? -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/a5c8ecc3-1a3e-456b-8cf4-3340f32480e4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] Re: javax.net.ssl.SSLPeerUnverifiedException: Hostname 10.22.5.24 not verified - https
Hi, I have already tried with a different common name ex: serv-XX-log-2. XXX.XXX.com but always the same error. On the other hand when I created my certificate, he does not ask me to inform the field AltSubjName, it is normal? Cheers, Giwenn -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/8a399a07-8a70-4a0b-ad11-47a2b59ce933%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] Re: javax.net.ssl.SSLPeerUnverifiedException: Hostname 10.22.5.24 not verified - https
Hi Giwenn, what are the attributes of your self-signed certificate, especially the CommonName (CN) and optionally the AltSubjName? In your first message, it looks like it was CN=10.22.5.24:9000, which is wrong (it has to be the host name of the Graylog node, i. e. CN=10.22.5.24 or CN=graylog.example.com). Cheers, Jochen On Thursday, 2 February 2017 16:48:43 UTC+1, Giwenn Launay wrote: > > Hi Jochen, > > > Here are the commands that I pass to put my server graylog in HTTPS: > > 1- > > openssl req -x509 -days 7300 -nodes -newkey rsa:2048 -keyout graylogkey.pem > -out graycert.pem > > 2- openssl pkcs8 -in graylogkey.pem -topk8 -nocrypt -out graykey.pem > > 3- configuration this server.conf: > > rest_enable_tls = true > rest_tls_cert_file = /path/to/graycert.pem > rest_tls_key_file = /path/to/graylog-key.pem > web_enable_tls = true > web_tls_cert_file = /path/to/graycert.pem > web_tls_key_file = /path/to/graykey.pem > > I have not set a password for the keys yet. > > 4 - keytool -importcert -keystore > /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-0.b13.el7_3.x86_64-debug/jre/lib/security/cacerts > -storepass changeit -alias graylog-self-signed -file graycert.pem > > 5 - Verify that the certificate has been added: > > keytool -keystore > /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-0.b13.el7_3.x86_64-debug/jre/lib/security/cacerts > -storepass changeit -list | grep graylog-self-signed -A1 > > answer: > graylog-self-signed, 2 févr. 2017, trustedCertEntry, > Empreinte du certificat (SHA1) : > 78:1B:E5:57:92:7C:65:43:69:E2:4E:20:34:E3:BB:7D:F7:33:D8:08 > > 6- Addition of the instruction in the jvm trust: > > GRAYLOG_SERVER_JAVA_OPTS="-Djavax.net.ssl.trustStore=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-0.b13.el7_3.x86_64-debug/jre/lib/security/cacerts" > > 7- restart the server > > > The error message appears when connecting to the web page. The inputs and > outputs do not work, they are in not running mode. > Is my configuration good? > > Thank =) > > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/1656783b-f336-4d0a-83b2-f7e363454bc5%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] Re: javax.net.ssl.SSLPeerUnverifiedException: Hostname 10.22.5.24 not verified - https
Hi Jochen, Here are the commands that I pass to put my server graylog in HTTPS: 1- openssl req -x509 -days 7300 -nodes -newkey rsa:2048 -keyout graylogkey.pem -out graycert.pem 2- openssl pkcs8 -in graylogkey.pem -topk8 -nocrypt -out graykey.pem 3- configuration this server.conf: rest_enable_tls = true rest_tls_cert_file = /path/to/graycert.pem rest_tls_key_file = /path/to/graylog-key.pem web_enable_tls = true web_tls_cert_file = /path/to/graycert.pem web_tls_key_file = /path/to/graykey.pem I have not set a password for the keys yet. 4 - keytool -importcert -keystore /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-0.b13.el7_3.x86_64-debug/jre/lib/security/cacerts -storepass changeit -alias graylog-self-signed -file graycert.pem 5 - Verify that the certificate has been added: keytool -keystore /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-0.b13.el7_3.x86_64-debug/jre/lib/security/cacerts -storepass changeit -list | grep graylog-self-signed -A1 answer: graylog-self-signed, 2 févr. 2017, trustedCertEntry, Empreinte du certificat (SHA1) : 78:1B:E5:57:92:7C:65:43:69:E2:4E:20:34:E3:BB:7D:F7:33:D8:08 6- Addition of the instruction in the jvm trust: GRAYLOG_SERVER_JAVA_OPTS="-Djavax.net.ssl.trustStore=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-0.b13.el7_3.x86_64-debug/jre/lib/security/cacerts" 7- restart the server The error message appears when connecting to the web page. The inputs and outputs do not work, they are in not running mode. Is my configuration good? Thank =) -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/73a0db75-1713-466a-acdf-3d98c3137b51%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] Re: javax.net.ssl.SSLPeerUnverifiedException: Hostname 10.22.5.24 not verified - https
Hi Giwenn, On Thursday, 2 February 2017 14:20:17 UTC+1, Giwenn Launay wrote: > > You have another solution ??? > What didn't work with the one outlined in the Graylog documentation? Cheers, Jochen -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/9d5f1d82-1e2d-4b6a-a7b0-6e109939cd26%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] Re: javax.net.ssl.SSLPeerUnverifiedException: Hostname 10.22.5.24 not verified - https
You have another solution ??? For more than 2 weeks I have been trying to solve this error Thank =) -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/e213d8d0-9615-4902-9796-ad8b41c8cad0%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] Re: javax.net.ssl.SSLPeerUnverifiedException: Hostname 10.22.5.24 not verified - https
Yes, I added GRAYLOG_SERVER_JAVA_OPTS= "-Djavax.net.ssl.trustStore=/etc/graylog/certificate/cacerts.jks" in the /etc/sysconfig/graylog-server And I did not change the password by default Thank you for the speed of your answer -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/22b44d31-fb9e-4d89-8c4e-fbb26a3f78e6%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] Re: javax.net.ssl.SSLPeerUnverifiedException: Hostname 10.22.5.24 not verified - https
Yes, I added GRAYLOG_SERVER_JAVA_OPTS= "-Djavax.net.ssl.trustStore=/etc/graylog/certificate/cacerts.jks" in the /etc/sysconfig/graylog-server And I did not change the password by default Thank you for the speed of your answer On Thursday, February 2, 2017 at 12:55:42 PM UTC+1, Jochen Schalanda wrote: > > Hi Giwenn, > > you have to add your self-signed certificate to the JVM's trust store: > http://docs.graylog.org/en/2.1/pages/configuration/https.html#adding-a-self-signed-certificate-to-the-jvm-trust-store > > Cheers, > Jochen > > On Thursday, 2 February 2017 12:43:47 UTC+1, Giwenn Launay wrote: >> >> Hello, >> >> I'll contact you because I have a problem with the https of my Graylog >> server. >> I generated the self-signed certificate and added the certificate to the >> JVM >> >> Here is my error message: >> >> You can not call https://10.22.5.24:9000/api/system/metrics/multiple on >> node <88d73a41-f393-43db-80e6- 85b80dd1d4f6> >> Javax.net.ssl.SSLPeerUnverifiedException: Hostname 10.22.5.24 not >> verified: >> Certificate: sha256 / a6eF3sXXGHb2 / Qni7qcRXNjM6JV6 + nuD4OADQ81Mczo = >> DN: EMAILADDRESS = x...@xxx.com, CN = 10.22.5.24: 9000, OR = XX, O = >> , L = , ST = France, C = FR >> SubjectAltNames: [] >> >> Can anyone help me? >> Thank you >> > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/86629dfe-e6de-4f9b-a28b-aa26540e6696%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[graylog2] Re: javax.net.ssl.SSLPeerUnverifiedException: Hostname 10.22.5.24 not verified - https
Hi Giwenn, you have to add your self-signed certificate to the JVM's trust store: http://docs.graylog.org/en/2.1/pages/configuration/https.html#adding-a-self-signed-certificate-to-the-jvm-trust-store Cheers, Jochen On Thursday, 2 February 2017 12:43:47 UTC+1, Giwenn Launay wrote: > > Hello, > > I'll contact you because I have a problem with the https of my Graylog > server. > I generated the self-signed certificate and added the certificate to the > JVM > > Here is my error message: > > You can not call https://10.22.5.24:9000/api/system/metrics/multiple on > node <88d73a41-f393-43db-80e6- 85b80dd1d4f6> > Javax.net.ssl.SSLPeerUnverifiedException: Hostname 10.22.5.24 not verified: > Certificate: sha256 / a6eF3sXXGHb2 / Qni7qcRXNjM6JV6 + nuD4OADQ81Mczo = > DN: EMAILADDRESS = x...@xxx.com, CN = 10.22.5.24: 9000, OR = XX, O = > , L = , ST = France, C = FR > SubjectAltNames: [] > > Can anyone help me? > Thank you > -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/96012e8e-5092-437f-8d22-0b89878bc838%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.