Hint: If you're operating a single-node setup and would like to use HTTPS for the Graylog web interface and the Graylog REST API, it's possible to use NGINX or Apache as a reverse proxy.

You have multiple options to ensure that your connection is secure and safe.

The first would be to create a self-signed certificate, add that to the previously copied Java keystore and use this keystore with your Graylog Java options. Since you will need to do this for every certificate and every trust store, this quickly becomes unmanageable in a clustered architecture. Each node needs to trust all certificates from all other nodes.

The second option would be to create your own certificate authority. You only add the certificate authority once to the keystore and all certificates that are created with this authority will be trusted.

The same can be done if you already have your own certificate authority; you only need the certificates and keys in a format that can be used with Graylog. Add the certificate authority key to the keystore and all certificates that are signed by this certificate authority will be trusted.

The same applies when you pay for certificates or use a free certificate authority like Let's Encrypt to get the server certificates. Just add the certificate authority to the keystore and all certificates are trusted.

When you are configuring TLS, you need to make sure that your certificate/key files are in the right format, which is X.509 for certificates and PKCS#8 for the private keys.

Creating a Self-Signed Private Key/Certificate

Create a file named openssl-graylog.cnf with the following content (customized to your needs):

$ keytool -list -v -keystore keystore.jks -alias

Owner: CN=, OU=Unknown, O="Graylog, Inc.", L=Hamburg, ST=Hamburg, C=DE

Issuer: CN=, OU=Unknown, O="Graylog, Inc.", L=Hamburg, ST=Hamburg, C=DE