Certificate error when watcher tries to notify slack

I am using elasticsearch 5.3.2 with watcher enabled. I created a sample watcher alert with slack webhook action. When I run the _execute api on the alert it gives below SSL error response in the action section.

"actions": [
{
"id": "slack",
"type": "webhook",
"status": "failure",
"reason": "SSLHandshakeException[sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]; nested: ValidatorException[PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]; nested: SunCertPathBuilderException[unable to find valid certification path to requested target]; "
}
]

Hey,

can you try and run your Elasticsearch instance with a recent oracle JDK and see if this problem persists? I have seen openjdk installations missing well known SSL root certificates causing this error and I would like to rule this out first.

Thanks a lot!

--Alex

Hi,

I am getting the same error, were you able to resolve it?

Hey,

I wrote possibilities above to try and resolve this. Did you try switching your JDK to an oracle one?

--Alex

Hi All,

We were using exclusive certificates for ssl connections from our elasticsearch cluster. So I had to add slack certificate as a trusted certificate in my certificate bundle.

There is one more setting in xpack to just ignore ssl cert validation. Bit risky but you can try it

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.