Email ssl error


(Yaroslav) #1

Hi! I have this error when try to send Email alert (javax.mail.MessagingException: Could not convert socket to TLS; nested exception is: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target). This error upspring if I use https connection. I tried send email alert on http protocol (with the same settings how on https protocol) and I didnt get this error. Can i solved this problem?


(Tess) #2

The problem is caused by the fact that the CA that signed the cert for the mail server is not in Graylog’s trust-store. You will need to ensure that Graylog trusts the CA (certificate authority).

Of course, you should only do this if you are absolutely 100% sure that the CA is to be trusted! You should not simply add any CA to the trust list, because you’re opening yourself up for attacks.

The main Graylog processes use the Linux OS main trust store, while components inside Graylog (like Inputs etc) each need to be configured manually to point to a seperate PEM trust store. I don’t know how the email function works or is configured, you should look into that yourself.


(Yaroslav) #3

How can I add a certificate to trusted? This certificate did my company.


(Yaroslav) #5

Okay, i solved problem


(Tess) #6

That’s great! I had a long, bad weekend so I couldn’t reply earlier.

Could you please share your resolution, so others who may run into the same issue can learn from you?