I have stored a correct certificate in the Graylog configuration file, in the correct format. The web interface is also accessible via https. However, I get the following error message:

WARN [ProxiedResource] Unable to call https://<...>/api/system/metrics/multiple on node <...>: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
WARN [ProxiedResource] Unable to call https://<...>/api/system/inputstates on node <...>: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I work on Debian 10 with Graylog 5.0 My Server conf hope someone can help me

I have stored a correct certificate in the Graylog configuration file, in the correct format. The web interface is also accessible via https. However, I get the following error message.
I have also packed the certificate chain into the cacerts file from elastic via keytool

Last time I was able to work around it by adding a local dns entry to the hosts file, which set the Hostname to the public IP (the certificate did not contain the ip. But now it is) or do I have the wrong approach?

CodePudding user response：

At first search for the cacerts for graylog

sudo find / -name cacerts

then put in the cert chain via keytool

sudo keytool -import -keystore /usr/share/graylog-server/jvm/lib/security/cacerts -file /etc/ssl/certs/gray.pem

Once this was done it started working.