Changed permissions to 0444 for cert/key files and 0755 for embracing
folder - restarted without problem.
The issue starts when I log in via GUI - attached WARN message - see
attached file.
Why does it refer to my secondary interface (10.0.0.16) and not the primary one,
192.168.17.15?
Please clarify - what could be wrong?
Cheers
Evgueni
On Sunday, October 16, 2016 at 11:24:36 PM UTC-7, Jochen Schalanda wrote:
>
> Hi Evgueni,
>
> On Friday, 14 October 2016 22:32:58 UTC+2, Evgueni Gordienko wrote:
>>
>> I enabled TLS and the file Graylog complains about is there and has 0777
>> permissions set but still I get:
>>
>
> Access permissions of 0777 (readable, writable, and executable for
> everyone) are a bit too permissive.
>
> The private key and certificate files must simply be readable and the
> directories must be usable (i. e. readable and executable) by the system
> user running Graylog (e. g. "graylog" in most cases).
>
> You can check this by running namei -l
> /etc/graylog/secrets/pkcs8-encrypted.pem.
>
> On Sunday, 16 October 2016 17:16:44 UTC+2, Evgueni Gordienko wrote:
>>
>> But even after that it looks like I'm having same issue as in
>>
>> https://groups.google.com/forum/#!searchin/graylog2/read$20key|sort:relevance/graylog2/V4eqM5ah_ik/wDmRW7JFBQAJ
>>
>
> Which issue is this, specifically?
>
> Cheers,
> Jochen
>
2016-10-17T18:16:39.287Z INFO [connection] Opened connection [connectionId{localValue:4, serverValue:135}] to 192.168.17.15:27017
2016-10-17T18:16:49.167Z WARN [ProxiedResource] Unable to call https://10.0.0.16:9000/api/system/metrics/multiple on node <47a1a76e-45e1-4872-bd83-8daa2884fdc4>
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
~[?:1.8.0_65]
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949)
~[?:1.8.0_65]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
~[?:1.8.0_65]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
~[?:1.8.0_65]
at
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
~[?:1.8.0_65]
at
sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
~[?:1.8.0_65]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
~[?:1.8.0_65]
at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
~[?:1.8.0_65]
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062)
~[?:1.8.0_65]
at
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
~[?:1.8.0_65]
at
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
~[?:1.8.0_65]
at
sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
~[?:1.8.0_65]
at
okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:241)
~[graylog.jar:?]
at
okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.java:198)
~[graylog.jar:?]
at
okhttp3.internal.connection.RealConnection.buildConnection(RealConnection.java:174)
~[graylog.jar:?]
at
okhttp3.internal.connection.RealConnection.connect(RealConnection.java:114)
~[graylog.jar:?]
at
okhttp3.internal.connection.StreamAllocation.findConnection(StreamAllocation.java:193)
~[graylog.jar:?]
at
okhttp3.internal.connection.StreamAllocation.findHealthyConnection(StreamAllocation.java:129)
~[graylog.jar:?]
at
okhttp3.internal.connection.StreamAllocation.newStream(StreamAllocation.java:98)
~[graylog.jar:?]
at
okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:42)
~[graylog.jar:?]
at
okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
~[graylog.jar:?]
at
okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
~[graylog.jar:?]
at
okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:109)
~[graylog.jar:?]
at
okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
~[graylog.jar:?]
at
okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
~[graylog.jar:?]
at
okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93)
~[graylog.jar:?]
at
okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
~[graylog.jar:?]
at
okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:124)
~[graylog.jar:?]
at
okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
~[graylog.jar:?]
at
okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
~[graylog.jar:?]
at
org.graylog2.rest.RemoteInterfaceProvider.lambda$get$0(RemoteInterfaceProvider.java:59)
~[graylog.jar:?]
at
okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
~[graylog.jar:?]
at
okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
~[graylog.jar:?]
at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:170)
~[graylog.jar:?]
at okhttp3.RealCall.execute(RealCall.java:60) ~[graylog.jar:?]
at retrofit2.OkHttpCall.execute(OkHttpCall.java:174) ~[graylog.jar:?]
at
org.graylog2.shared.rest.resources.ProxiedResource.lambda$null$0(ProxiedResource.java:76)
~[graylog.jar:?]
at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_65]
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
[?:1.8.0_65]
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
[?:1.8.0_65]
at java.lang.Thread.run(Thread.java:745) [?:1.8.0_65]
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
~[?:1.8.0_65]
at
sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
~[?:1.8.0_65]
at sun.security.validator.Validator.validate(Validator.java:260)
~[?:1.8.0_65]
at
sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
~[?:1.8.0_65]
at
sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
~[?:1.8.0_65]
at
sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
~[?:1.8.0_65]
at
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
~[?:1.8.0_65]
... 36 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at
sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:146)
~[?:1.8.0_65]
at
sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131)
~[?:1.8.0_65]
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
~[?:1.8.0_65]
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
~[?:1.8.0_65]
at
sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
~[?:1.8.0_65]
at sun.security.validator.Validator.validate(Validator.java:260)
~[?:1.8.0_65]
at
sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
~[?:1.8.0_65]
at
sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
~[?:1.8.0_65]
at
sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
~[?:1.8.0_65]
at
sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1491)
~[?:1.8.0_65]
... 36 more
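
The permission rule from Jochen's reply (key and certificate readable, every directory on the way readable and executable for the account running Graylog, nothing as open as 0777) can be checked per path component, which is what `namei -l` lets you read off by eye. The script below is an added example, not part of the thread or of Graylog; it assumes plain Unix mode bits (no ACLs), and the function names, the `base` parameter and uid 4242 are hypothetical.

```python
import os
import stat
import tempfile

def class_bits(st, uid, gids):
    """rwx triplet (0-7) that plain mode bits grant to this uid/gids (no ACLs)."""
    mode = stat.S_IMODE(st.st_mode)
    if st.st_uid == uid:
        return (mode >> 6) & 7
    if st.st_gid in gids:
        return (mode >> 3) & 7
    return mode & 7

def audit_path(path, uid, gids=(), base="/"):
    """Check each component from base down to path, like reading `namei -l`.

    Returns (problem, component, mode) tuples; an empty list means the
    account can reach and read the file and nothing is world-writable.
    """
    base, cur = os.path.realpath(base), os.path.realpath(path)
    chain = [cur]
    while cur != base and os.path.dirname(cur) != cur:
        cur = os.path.dirname(cur)
        chain.append(cur)
    findings = []
    for comp in reversed(chain):
        st = os.stat(comp)
        mode = format(stat.S_IMODE(st.st_mode), "04o")
        is_dir = stat.S_ISDIR(st.st_mode)
        need = 5 if is_dir else 4          # directories: r+x, files: r
        if class_bits(st, uid, gids) & need != need:
            findings.append(("denied", comp, mode))
        sticky = is_dir and st.st_mode & stat.S_ISVTX   # e.g. /tmp
        if st.st_mode & stat.S_IWOTH and not sticky:
            findings.append(("world-writable", comp, mode))
    return findings

if __name__ == "__main__":
    # Constructed demo tree; uid 4242 stands in for the "graylog" account.
    top = tempfile.mkdtemp()
    os.chmod(top, 0o755)
    secrets = os.path.join(top, "secrets")
    os.mkdir(secrets)
    os.chmod(secrets, 0o755)
    key = os.path.join(secrets, "key.pem")
    open(key, "w").close()
    for m in (0o444, 0o777, 0o400):
        os.chmod(key, m)
        print(format(m, "04o"), audit_path(key, 4242, base=top))
```

On a real host, pass the uid and group ids of the service account and leave `base` at its default so the whole path from `/` is checked.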