Hi all, has anyone had any success converting their TLS ceritificates for graylog web from versions 1 (e.g. 1.3.x) to version 2 of graylog?
Maybe I'm just not getting it, but I'm having trouble figuring out EXACTLY what file format the certificate needs to be in. Previously with v1.x web interface it used a javakeystore. HOWEVER, this is no longer in use and the upgrade path is not clear. I found some documentation that talks about exporting keys from the keystore but the terminilogy is very inconsistent depending on the webpage/documentation. I got as far as exporting the "private key" (no clue if this is the correct format) keytool -importkeystore -srckeystore graylog2.keystore -destkeystore new-store.p12 -deststoretype PKCS12 openssl pkcs12 -info -in new-store.p12 openssl pkcs12 -in new-store.p12 -nocerts -out gl2web_privateKey.pem to produce supposedly what the documentation for graylog claims it needs, I do something similar for the public key keytool -export -keystore graylog2.keystore -alias graylog2key -file Example.cer openssl x509 -in Example.cer -inform der -text -noout openssl x509 -inform der -in Example.cer -out gl2web_publickey.pem I get this error I end up with this error which is vague, but I think tells me my certificate configuration is useless. 2016-04-12 10:06:27,503 ERROR: com.google.common.util.concurrent.ServiceManager - Service WebInterfaceService [FAILED] has failed in the STARTING state. java.io.IOException: ObjectIdentifier() -- data isn't an object ID (tag = 48) at sun.security.util.ObjectIdentifier.<init>(ObjectIdentifier.java:253) ~[?:1.8.0_77] at sun.security.util.DerInputStream.getOID(DerInputStream.java:281) ~[?:1.8.0_77] at com.sun.crypto.provider.PBES2Parameters.engineInit(PBES2Parameters.java:267) ~[sunjce_provider.jar:1.8.0_77] at java.security.AlgorithmParameters.init(AlgorithmParameters.java:293) ~[?:1.8.0_77] at sun.security.x509.AlgorithmId.decodeParams(AlgorithmId.java:132) ~[?:1.8.0_77] at sun.security.x509.AlgorithmId.<init>(AlgorithmId.java:114) ~[?:1.8.0_77] at sun.security.x509.AlgorithmId.parse(AlgorithmId.java:372) ~[?:1.8.0_77] at javax.crypto.EncryptedPrivateKeyInfo.<init>(EncryptedPrivateKeyInfo.java:95) ~[?:1.8.0_77] at org.graylog2.shared.security.tls.PemKeyStore.generateKeySpec(PemKeyStore.java:69) ~[graylog.jar:?] at org.graylog2.shared.security.tls.PemKeyStore.buildKeyStore(PemKeyStore.java:96) ~[graylog.jar:?] at org.graylog2.shared.initializers.AbstractJerseyService.buildSslEngineConfigurator(AbstractJerseyService.java:185) ~[graylog.jar:?] at org.graylog2.shared.initializers.AbstractJerseyService.setUp(AbstractJerseyService.java:156) ~[graylog.jar:?] at org.graylog2.initializers.WebInterfaceService.startUp(WebInterfaceService.java:46) ~[graylog.jar:?] at com.google.common.util.concurrent.AbstractIdleService$DelegateService$1.run(AbstractIdleService.java:60) [graylog.jar:?] at com.google.common.util.concurrent.Callables$3.run(Callables.java:100) [graylog.jar:?] at java.lang.Thread.run(Thread.java:745) [?:1.8.0_77] -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to graylog2+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/13160a96-aeb6-4c5e-82f0-a387d802d983%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.