CODEWITHSUNDEEP
elasticsearchlogstashlogstash-configuration
Whereismywall
Whereismywall

Reputation: 197

logstash unable to reach elastic server unable to find valid certification path to requested target

I am trying to use logstash to connect my MSSQL server with elastic for real time sync. I have installed elastic 8.3.3 and kibana 8.3.3, I am able to log in to kibana and create some sample index users_test and one sample text variable "name". Elastic is running on https://localhost:9200/, i verified by logging into and got the success message.

I have created a sample config file for logstash

input {
  jdbc {
    jdbc_driver_library => "D:\sqljdbc_12.2.0.0_enu\sqljdbc_12.2\enu\mssql-jdbc-12.2.0.jre8.jar"
    jdbc_driver_class => "com.microsoft.sqlserver.jdbc.SQLServerDriver"
    jdbc_connection_string => "jdbc:sqlserver://<dbpath>/<dbname>"
    jdbc_user => <db_userid>
    jdbc_password => <db_passwd>
    statement => "SELECT * FROM Users"
  }
}

output {
  elasticsearch {
        hosts => ["https://localhost:9200/"]
      index => "users_test"
  }
}

i run it with logstash.bat -f sql.conf and get the error message. logstash is also

Attempted to resurrect connection to dead ES instance, but got an error {:url=>"https://localhost:9200/", :exception=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :message=>"Elasticsearch Unreachable: [https://localhost:9200/][Manticore::ClientProtocolException] PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"}

Upvotes: 0

Views: 6189

Answers (1)

Val
Val

Reputation: 217254

The error message says

unable to find valid certification path to requested target

The reason is explained here

sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target and javax.net.ssl.SSLException: Received fatal alert: certificate_unknown This SunCertPathBuilderException indicates that a certificate was returned during the handshake that is not trusted. This message is seen on the client side of the connection. The SSLException is seen on the server side of the connection. The CA certificate that signed the returned certificate was not found in the keystore or truststore and needs to be added to trust this certificate.

You need to add the cacert parameter to your elasticsearch output to validate the certificate returned from the server and you also probably need to add a username and password as well:

  elasticsearch {
      hosts => ["https://localhost:9200/"]
      index => "users_test"
      cacert => "/path/to/the/ca/cert"
      user => "username"
      password => "password"
  }

Upvotes: 2

Related Questions