TL;DR summary: NXLog won't load my certificate - why?

I've set up an NXlog CE server to act as an encrypted entrypoint for a Graylog server. After creating a self-signed certificate and adding it to the configuration, I get an unexpected error in the log when NXlogs starts up.

2015-07-10 06:49:22 INFO reloading configuration and restarting modules
2015-07-10 06:49:22 ERROR SSL error, Failed to open certfile: "/certificates/client.pem";No such file or directory
2015-07-10 06:49:22 INFO configuration reloaded successfully.

I assumed it might be a file rights issue, but looking at the files, it seems like the rights are actually a little too loose for comfort:

root@e757dae37501:/# ll /certificates/
total 20
drwxr-xr-x  2 nxlog nxlog 4096 Jul 10 06:32 ./
drwxr-xr-x 49 root  root  4096 Jul 10 06:32 ../
-rw-r--r--  1 nxlog nxlog 1387 Jul  9 15:51 ca.pem
-rw-r--r--  1 nxlog nxlog  887 Jul  9 15:54 client.key
-rw-r--r--  1 nxlog nxlog 1001 Jul  9 15:55 client.pem

My NXlog configuration looks like this:

<Input inssl>
    Module im_ssl
    Port 1515
    InputType Binary
    CAFile "/certificates/ca.pem"
    CertFile "/certificates/client.pem"
    CertKeyFile "/certificates/client.key"
    KeyPass secret
    RequireCert FALSE
    AllowUntrusted TRUE

I've tried looking at the source code for the SSL module, but it looks like the line that fails is not related to validation but simple file access. I have no idea how to proceed. Suggestions?

AskedJuly 10, 2015 - 9:13am

Answer (1)