
1. Describe your incident:
My dashboard is not being loaded in HTTPS at port 9000

2. Describe your environment:

  • OS Information:
  • Operating System: Ubuntu 22.04.1 LTS
    Kernel: Linux 5.17.0-1020-oem
    Architecture: x86-64

    Package Version: Graylog 4.1, mongoDB 4.4

    Service logs, configurations, and environment variables:

    systemctl status from graylog (issued):
    graylog-server[79052]: 23:41:38.322 [main] ERROR org.graylog2.storage.versionprobe.VersionProbe - Unable to retrieve version from Elasticsearch node: unexpected end of stream on *http://192.168.15.168:9200/… - \n not found: limit=0 content=….

    /etc/graylog/server/server.conf:
    elasticsearch_hosts = http://user:pw@192.168.15.168:9200 (user pw different from this print)
    password_secret = j2tB(…)G8iv
    root_password_sha2 = 8(…)fd
    http_bind_address = 0.0.0.0:9000

    opensearch_dashboards.yml:
    server.host: 0.0.0.0
    server.port: 443
    opensearch.hosts: *https://192.168.15.168:9200
    opensearch.ssl.verificationMode: certificate

    Root CA imported successfully:
    Command: keytool -importcert -keystore /etc/graylog/server/certs/cacerts -storepass changeit -alias root_ca -file /etc/graylog/server/certs/root-ca.pem

    Alias name: root_ca
    Creation Date: Nov 16 from 2022
    Entry type: trustedCertEntry

    Owner: L=California, O=Wazuh, OU=Wazuh
    Issuer: L=California, O=Wazuh, OU=Wazuh
    Serial number: 3(…)3
    Valid from: Wed Nov 16 11:58:18 EDT 2022 until: Sat Nov 13 11:58:18 EDT 2032
    Certificate Fingerprints:
    SHA1: A0:…:34
    SHA256: 88:…:3A: 0B:…F3
    Signature Algorithm Name: SHA256withRSA
    Subject Public Key Algorithm: 2048-bit RSA key
    Version: 3

    Extensions:

    #1: ObjectId: 2.5.29.35 Criticality=false
    AuthorityKeyIdentifier [
    KeyIdentifier [
    0000: 96 … 6F …xU.C…A…to
    0010: 4E … N%…

    #2: ObjectId: 2.5.29.19 Criticality=true
    BasicConstraints:[
    CA:true
    PathLen: no limit

    #3: ObjectId: 2.5.29.14 Criticality=false
    SubjectKeyIdentifier [
    KeyIdentifier [
    0000: 96 … 6F …xU.C…A…to
    0010: 4E … N%…

    /etc/default/graylog-server (line so that Graylog uses the SSL certificate):
    GRAYLOG_SERVER_JAVA_OPTS="$GRAYLOG_SERVER_JAVA_OPTS -Dlog4j2.formatMsgNoLookups=true -Djavax.net.ssl.trustStore=/etc/graylog/server/certs/cacerts -Djavax.net.ssl.trustStorePassword=changeit"

    3. What steps have you already taken to try and solve the problem?
    Restarted the Graylog service and validated the config. With the correct setup, Graylog cannot start the service to open the GUI (even with status running), https://ip:9200 does not load the GUI, and the service has the status:
    ERROR org.graylog2.storage.versionprobe.VersionProbe - Unable to retrieve version from Elasticsearch node: unexpected end of stream on *http://192.168.15.168:9200/… - \n not found: limit=0 content=…

    4. How can the community help?
    Please kindly help me to evaluate what is wrong in this configuration between Wazuh and Graylog to use SSL for HTTPS.

    Thank you and Best Regards,

    I had a similar issue in the past.
    To fix it, I edited /etc/graylog/server/server.conf and added:

    elasticsearch_version = 7

    Then restarted Graylog.

    I assume that your GL server can reach ES.

    Do the files
    /etc/wazuh-dashboard/certs/dashboard-key.pem
    /etc/wazuh-dashboard/certs/dashboard.pem

    have the right permissions for the graylog user to read them?

    If you accept a suggestion, install and configure nginx as a reverse proxy and access GL on port 80 or 443. Makes things easier…

    Hi m_mlk

    Thank you for your suggestion. I will not do that at this time, as I need to finish this install at least.

    Regarding your fix, it did not work for me; see that I’ve edited the file with the version proposed.

    Also see that the certs have the readable chmod value 444 for root, users and everyone:
    (I’ll send it trailing below)

    But even so, the system is not found by Graylog after a restart
    (I’ll send it trailing below)

    Thank you for your help.

    I found the fix, guys, it is totally simple.

    Just edit the /etc/graylog/server/server.conf at the elasticsearch_hosts from http to https

    from elasticsearch_hosts = http://:@:9200
    to elasticsearch_hosts = https://:@:9200
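
An added example (not part of the thread, and not Graylog's or Wazuh's own tooling): a small check that compares the scheme in `elasticsearch_hosts` with what the listener actually speaks, which is the mismatch behind the "unexpected end of stream" error above. The function names, the sample config and the default port are assumptions made for this sketch; the CA path is the PEM file named in the thread.

```python
import re
import socket
import ssl
from urllib.parse import urlsplit

# PEM root CA path taken from the thread (the file imported with keytool).
CA_FILE = "/etc/graylog/server/certs/root-ca.pem"
# Constructed sample line; 192.0.2.10 is a documentation address.
SAMPLE_CONF = "elasticsearch_hosts = http://user:pw@192.0.2.10:9200\n"

ADVICE = {
    ("http", "tls-trusted"): "listener speaks TLS: change scheme to https",
    ("http", "tls-untrusted"): "listener speaks TLS: change scheme to https, then fix trust",
    ("https", "no-tls"): "listener is plaintext: https will fail",
    ("https", "tls-untrusted"): "certificate not trusted by CA file, or name mismatch",
}

def configured_hosts(conf_text):
    """Return the URLs in an uncommented elasticsearch_hosts line."""
    m = re.search(r"^\s*elasticsearch_hosts\s*=\s*(.+)$", conf_text, re.M)
    return [u.strip() for u in m.group(1).split(",")] if m else []

def probe_tls(host, port, cafile=CA_FILE, timeout=5):
    """Return 'unreachable', 'no-tls', 'tls-untrusted' or 'tls-trusted'."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    ctx = ssl.create_default_context(cafile=cafile)  # verify against this CA only
    try:
        with ctx.wrap_socket(raw, server_hostname=host):
            return "tls-trusted"
    except ssl.SSLCertVerificationError:
        return "tls-untrusted"      # handshake reached the certificate check
    except OSError:
        return "no-tls"             # handshake failed before any certificate
    finally:
        raw.close()

def audit(conf_text, probe=probe_tls):
    """Compare each configured scheme with what the listener actually speaks."""
    findings = []
    for url in configured_hosts(conf_text):
        u = urlsplit(url)
        port = u.port or 9200       # assumption: default to 9200 if omitted
        state = probe(u.hostname, port)
        msg = "cannot connect" if state == "unreachable" else ADVICE.get((u.scheme, state), "ok")
        # Credentials from the URL are deliberately left out of the report.
        findings.append((f"{u.scheme}://{u.hostname}:{port}", state, msg))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(*finding, sep="  ")
```

A `tls-untrusted` result after switching to https points at the truststore or the certificate's names rather than at the scheme.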
