Fail to verify TLS certificates


#1

Hi,

I have filed a bug against the graylog snap but I’m also unsure of what the fix should be:
https://bugs.launchpad.net/graylog-charm/+bug/1813914

It seems like the graylog daemon is missing “-Djavax.net.ssl.trustStore=/etc/ssl/certs/java/cacerts” so it can try to make sending emails via STARTTLS tcp/25 work. I think the snap won’t have access to that folder, and /etc/ssl might need to be copied to /snap/graylog/current/etc/ssl. Is this correct?

OTOH, /etc/ssl/certs/java/cacerts doesn’t exist, and /snap/graylog/current/etc/ssl/certs/java folder exists but it is empty.

For now, I have disabled TLS on graylog so emails are sent unencrypted. What would be the best approach to fix this bug?

Thank you,
-Alvaro.