None of the TrustManagers trust this certificate chain

Dear Team,
I am getting the error during an IOC lookup on MISP. I have tried all the issues posted on the Graylog community but am still getting the same error. Kindly provide the solution.

2025-05-05T11:05:46.182Z ERROR [HTTPJSONPathDataAdapter] Data adapter : HTTP request error for key <mb4z3nlfyrcjnoqf.onion> from URL https://10.50.201.11/attributes/restSearch/value:mb4z3nlfyrcjnoqf.onion
javax.net.ssl.SSLHandshakeException: None of the TrustManagers trust this certificate chain.
at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source) ~[?:?]
at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source) ~[?:?]
at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source) ~[?:?]
at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source) ~[?:?]

Hi @jitendra.sharma
You are trying to communicate over HTTPS with a website that’s using a certificate that your JVM doesn’t trust. The certificate that’s used to encrypt the communication is not trusted by any CA that you have in your truststore.

You have several options:

  • If you control the https://10.50.201.11 website, then use a valid and trusted certificate.
  • If you control the https://10.50.201.11 website, you can maybe disable SSL and use plain HTTP?
  • If you don’t control it but trust it, you can take its certificate and add it to your JVM truststore
  • You can also set up some kind of proxy that will trust the page and serve you responses locally over plaintext.

Can you continue from here?

Best regards,
Tomas

How can we use the certificate in the trust store? Can you share the process?

You need to obtain the certificate that the website is using, with a command like this (adapt to your addresses and filenames):

openssl s_client -connect example.com:443 -servername example.com </dev/null 2>/dev/null | \
openssl x509 -outform PEM > example_com_cert.pem

Now you have the cert in a PEM file. You need to add it to your truststore, which is distributed with the JVM you are using (either your own or distributed with the Graylog server installation, depending on your setup). The file is called cacerts.

The command to add a PEM cert to your truststore will then be:

keytool -importcert -alias example_com_cert -file example_com_cert.pem -keystore cacerts -storepass changeit

There are useful tips on how to locate the truststore here: https://graylog.org/post/how-to-guide-securing-graylog-with-tls/ in the section Java Key Store.

The best approach is to make a copy of the truststore, add your certificate and tell the Graylog server to use this truststore. All of this is described in the guide above.

After adding the misp certificate in truststore I am getting this error.
2025-05-06T07:46:49.249Z ERROR [HTTPJSONPathDataAdapter] Data adapter : HTTP request error for key <mb4z3nlfyrcjnoqf.onion> from URL https://10.50.201.11/attributes/restSearch/value:mb4z3nlfyrcjnoqf.onion
javax.net.ssl.SSLPeerUnverifiedException: Hostname 10.50.201.11 not verified:
certificate: sha256/8slf8LSX+3rt7I18AvewcI9HAUcmzYh3nSv4T0cIlcs=
DN: EMAILADDRESS=info@misp.local, CN=misp.local, OU=Organizational Unit, O=Organization, L=Location, ST=State, C=LU
subjectAltNames:

 javax.net.ssl.SSLPeerUnverifiedException: Hostname 10.50.201.11 not verified:

usually means a mismatch between the name you are using to access the server (an IP 10.50.201.11 in your case) and a certificate that’s issued for a hostname (misp.local). You need to unify this - either by accessing the server by its hostname or by issuing a new certificate, adding the IP to the subject alternative names.

When I access it by name, I still get the error.
2025-05-06T09:18:41.012Z ERROR [HTTPJSONPathDataAdapter] Data adapter : HTTP request error for key <mb4z3nlfyrcjnoqf.onion> from URL https://misp.local/attributes/restSearch/value:mb4z3nlfyrcjnoqf.onion
javax.net.ssl.SSLPeerUnverifiedException: Hostname misp.local not verified:
certificate: sha256/8slf8LSX+3rt7I18AvewcI9HAUcmzYh3nSv4T0cIlcs=
DN: EMAILADDRESS=info@misp.local, CN=misp.local, OU=Organizational Unit, O=Organization, L=Location, ST=State, C=LU
subjectAltNames:

I think your certificate is considered invalid, as it has empty subjectAltNames. If you can, try to regenerate the certificate and add the misp.local to the SAN list.
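
The regeneration suggested in the last reply, as an added example that is not part of the original thread: it issues a self-signed certificate whose SAN list covers both `misp.local` and `10.50.201.11`, and checks SAN entries only, since the error above rejects `misp.local` despite `CN=misp.local`. The file names `misp.key`/`misp.pem`, the alias `misp_local`, the key size and the validity period are assumptions; `-addext` and `-ext` need OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example (not from the thread). Output file names, key size and
# validity below are constructed values; adapt them to your MISP host.

# make_cert DIR [SAN]: write DIR/misp.key and DIR/misp.pem.
# Without SAN it reproduces the CN-only certificate shown in the error log.
make_cert() {
  san=${2:-}
  # ${san:+...} expands to the two -addext words only when a SAN was given
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -keyout "$1/misp.key" -out "$1/misp.pem" \
    -subj "/CN=misp.local" \
    ${san:+-addext "subjectAltName=$san"} 2>/dev/null
}

# san_has CERT NAME: succeed only if NAME is listed as a DNS or IP entry
# in subjectAltName. The CN is deliberately ignored. Exact match only,
# wildcard entries are not expanded.
san_has() {
  openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
    tr ',' '\n' | sed 's/^ *//; s/ *$//' |
    grep -qxF -e "DNS:$2" -e "IP Address:$2"
}

# import_cert TRUSTSTORE_COPY CERT: the keytool call from the thread, run
# against a copy of cacerts. The regenerated certificate is a new one, so it
# has to be imported again under an alias that is not already in use.
import_cert() {
  keytool -importcert -noprompt -alias misp_local \
    -file "$2" -keystore "$1" -storepass changeit
}

# Demo: compare a CN-only certificate with one that carries SAN entries.
work=$(mktemp -d)
mkdir "$work/cn_only" "$work/with_san"
make_cert "$work/cn_only"
make_cert "$work/with_san" "DNS:misp.local,IP:10.50.201.11"
for cert in cn_only with_san; do
  for name in misp.local 10.50.201.11; do
    if san_has "$work/$cert/misp.pem" "$name"; then
      echo "$cert: $name is covered by SAN"
    else
      echo "$cert: $name is NOT covered by SAN"
    fi
  done
done
```

Install `misp.pem` and `misp.key` on the MISP web server before calling `import_cert` with the path to your truststore copy.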