I am using elasticsearch 5.3.2 with watcher enabled. I created a sample watcher alert with slack webhook action. When I run the _execute api on the alert it gives below SSL error response in the action section.
"actions": [
{
"id": "slack",
"type": "webhook",
"status": "failure",
"reason": "SSLHandshakeException[sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]; nested: ValidatorException[PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]; nested: SunCertPathBuilderException[unable to find valid certification path to requested target]; "
}
]
can you try and run your Elasticsearch instance with a recent oracle JDK and see if this problem persists? I have seen openjdk installations missing well known SSL root certificates causing this error and I would like to rule this out first.
We were using exclusive certificates for ssl connections from our elasticsearch cluster. So I had to add slack certificate as a trusted certificate in my certificate bundle.
There is one more setting in xpack to just ignore ssl cert validation. Bit risky but you can try it
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.