Cert Path error when testing HTTP notification

I’m trying to get some HTTP notifications working for our new Graylog server (Graylog 4).
All of our internal sites use certs signed by our own internal CA, so naturally Graylog is having issues with that, giving the following error every time I try to test the notification.

Error: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Now so far I have tried everything I can find and think of to fix the error and nothing has worked.

  • Imported all certs in the chain for the target server into the jvm keystore
  • Ensured that they are all under an alias that matches the cert CN
  • Tested the connection with a simple java SSLPoke file (Works fine, no errors)
  • Explicitly pointed Graylog at the keystore
    Probably a few other things I forgot already.

At this point, I’ve got no idea what else to try to get this to work.
So if anyone has any suggestions please send them my way!

@wedgerancer
Hello and Welcome,
Maybe I can offer some suggestions for you.

Just a suggestion, this is how I solved my issue with that error. I had to make sure Graylog was able to access the keystore and certificates.

Add "-Djavax.net.ssl.trustStore=/etc/ssl/certs/graylog/graylog-key.jks" in /etc/sysconfig/graylog-server

chown graylog:graylog -R /etc/graylog/certs

keytool -importcert -keystore graylog-key.jks -storepass secret -alias graylog1.domain.com -file graylog-certificate.pem

What does your graylog.config file look like for TLS?
How did you create your certificates for Graylog? Maybe showing what documentation you used would be helpful.

Using HTTPS

Hope that helps

The chown did it!
Didn’t even think of that, thanks a bunch.

But just for reference, this isn’t for setting up Graylog SSL itself, this was for trying to hit an external service with an HTTP notification from an alert, so the rest of the info about the graylog.config and creating the certs for Graylog wouldn’t have been applicable for the issue.


@wedgerancer
Glad I was able to help. Permissions can be tricky.
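The fix in this thread was ownership of the certificate directory: SSLPoke worked for the poster's own account while the Graylog service account could not read the truststore. As an added example (not from the thread or from Graylog), the shell functions below report the path nearest a file whose mode bits deny a given uid/gid. The function names are hypothetical, and the check assumes GNU stat and ignores ACLs, SELinux and supplementary groups.

```shell
#!/bin/sh
# Added example: mode-bit check only (no ACLs, SELinux or supplementary groups).
# Requires GNU stat (Linux). Function names are illustrative.

# has_bit UID GID PATH BIT   (BIT: 4 = read, 1 = directory search)
has_bit() {
    meta=$(stat -c '%u %g %a' "$3") || return 1   # missing path counts as denied
    want_uid=$1 want_gid=$2 bit=$4
    [ "$want_uid" -eq 0 ] && return 0             # root bypasses read/search bits
    set -- $meta                                  # $1=owner uid $2=owner gid $3=octal mode
    m=$((0$3))                                    # parse 755 or 1777 as octal
    if   [ "$want_uid" -eq "$1" ]; then cls=$(( (m >> 6) & 7 ))   # owner class
    elif [ "$want_gid" -eq "$2" ]; then cls=$(( (m >> 3) & 7 ))   # group class
    else                                cls=$(( m & 7 ))          # other class
    fi
    [ $(( cls & bit )) -ne 0 ]
}

# first_blocker UID GID FILE [STOP_DIR]
# Walks from FILE up to STOP_DIR (default /). Prints the first path that
# denies access and returns 1; prints nothing and returns 0 if all allow it.
first_blocker() {
    uid=$1 gid=$2 file=$3 stop=${4:-/}
    has_bit "$uid" "$gid" "$file" 4 || { echo "$file"; return 1; }
    dir=$(dirname "$file")
    while :; do
        has_bit "$uid" "$gid" "$dir" 1 || { echo "$dir"; return 1; }
        case $dir in "$stop"|/|.) break ;; esac
        dir=$(dirname "$dir")
    done
    return 0
}

# Usage with the truststore path quoted in this thread:
#   first_blocker "$(id -u graylog)" "$(id -g graylog)" \
#       /etc/ssl/certs/graylog/graylog-key.jks
```

The service account needs only read permission on the truststore and search permission on each parent directory.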
