I have a URL to be used as the input of Logstash, with the output to be saved as a file. I am getting no data in my output file if I use CSV, and I get an http_request_failure message as data if I use JSON.
Kindly help me with troubleshooting the cert issue. I get keytool error: java.lang.Exception: Input not an X.509 certificate when I convert the self-signed CA cert into JKS as per the document, so I could not use a truststore.
Below is the error message inside the output JSON file.
"http_request_failure":{"runtime_seconds":0.015593000000000001,"name":"minemeld","request":{"cacert":"/opt/CA.cert","method":"get","url":"https://192.168.56.30/feeds/DARP-output-feedgreen?tr=1&v=json"},"error":"PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target","backtrace":null},"@version":"1","@timestamp":"2019-04-03T14:36:30.591Z","tags":["_http_request_failure"]}
Hello @Janko - Thanks for the details. I tried cacert => /etc/nginx/minemeld.pem and also tried cacert => /etc/nginx/minemeld.cer, but I get the below error message in the output JSON file.
{"http_request_failure":{"runtime_seconds":0.014555,"name":"minemeld","request":{"cacert":"/etc/nginx/minemeld.cer","method":"get","url":"https://192.168.56.30/feeds/DARP-output-feedgreen?tr=1&v=json"},"error":"PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target","backtrace":null},"@version":"1","@timestamp":"2019-04-04T00:44:23.440Z","tags":["_http_request_failure"]}
I could not use a truststore because I get keytool error: java.lang.Exception: Input not an X.509 certificate when trying the below one-liner as per the document
Hello @Janko - Kindly let me know any method to fix the above mentioned issue.
How do I use a truststore with my self-signed URL? I get keytool error: java.lang.Exception: Input not an X.509 certificate
If I use the CA cert (.pem) I get the below error message in the output field.
{"http_request_failure":{"runtime_seconds":0.014555,"name":"minemeld","request":{"cacert":"/etc/nginx/minemeld.cer","method":"get","url":"https://192.168.56.30/feeds/DARP-output-feedgreen?tr=1&v=json"},"error":"PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target","backtrace":null},"@version":"1","@timestamp":"2019-04-04T00:44:23.440Z","tags":["_http_request_failure"]}
First off, your message board etiquette leaves a lot to be desired. I think Janko and Badger have been members longer than I have and might have stricter personal rules not to reply when directly mentioned. All of us answer voluntarily on questions that are somehow interesting and our knowledge might be of help to others.
Anyway, back to your problem. You are using an IP as the host name. You could generate self-signed SSL certs for that but it is definitely not recommended.
Maybe try e.g. this to generate an SSL cert for a domain name: http://www.selfsignedcertificate.com/
If you can't add the domain to DNS you can add the domain to /etc/hosts.
If you are doing this on a private network, why do you use HTTPS at all? I know, it is still good practice to always encrypt your traffic but still. Get it working over plain HTTP first and then figure out HTTPS and SSL certs.
I did not mean to be rude. Monday morning... Members here are happy to help.
Returning to the technical issue you are having.
curl -Iv https://192.168.56.30 should show you the state of the SSL cert. When you use a self-signed certificate you also have to specify --cacert <CA certificate>
Or you can use openssl. There is no point in expecting Logstash to connect successfully before curl or openssl are successful in connecting.
The above might not work so well for this situation as you do not have access to the CA cert... And it seems that there is no option to use http_poller without verifying the SSL cert...
Personally, I would use HTTP unless you have a private CA setup that will let you easily issue new self-signed SSL certs or if you already have SSL certs from a trusted CA.
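Added example, not part of the thread: an offline reproduction of the failure modes discussed above (a trust file that is not an X.509 certificate, a trust file with no path to the server certificate, and a host that the certificate does not name). It uses Ruby's OpenSSL bindings rather than the Java validator Logstash uses, with throwaway certificates generated at run time; `make_self_signed`, `diagnose` and the address 10.0.0.1 are hypothetical names and values chosen for illustration.

```ruby
require "openssl"

# Constructed test material: throwaway self-signed cert (CA:TRUE, IP SAN) made at run time.
def make_self_signed(ip)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{ip}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
  cert.add_extension(ef.create_extension("basicConstraints", "CA:TRUE", true))
  cert.add_extension(ef.create_extension("subjectAltName", "IP:#{ip}"))
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  [cert, key]
end

# Checks the contents of a trust file against a server certificate and URL host.
# Returns :not_x509, :untrusted, :name_mismatch or :ok.
def diagnose(cacert_data, server_cert, host)
  begin
    anchor = OpenSSL::X509::Certificate.new(cacert_data) # accepts PEM or DER
  rescue OpenSSL::X509::CertificateError
    return :not_x509 # same condition keytool reports as "Input not an X.509 certificate"
  end
  store = OpenSSL::X509::Store.new
  store.add_cert(anchor)
  # No chain from the server cert to the anchor: Java words this "PKIX path building failed".
  return :untrusted unless store.verify(server_cert)
  # The certificate must also name the host used in the URL (here an IP subjectAltName).
  return :name_mismatch unless OpenSSL::SSL.verify_certificate_identity(server_cert, host)
  :ok
end

server, server_key = make_self_signed("192.168.56.30")
other, _other_key = make_self_signed("10.0.0.1")
RESULTS = {
  key_file_as_cacert: diagnose(server_key.to_pem, server, "192.168.56.30"),
  unrelated_cert:     diagnose(other.to_pem, server, "192.168.56.30"),
  own_cert_pem:       diagnose(server.to_pem, server, "192.168.56.30"),
  own_cert_der:       diagnose(server.to_der, server, "192.168.56.30"),
  wrong_host:         diagnose(server.to_pem, server, "192.168.56.31"),
}
puts RESULTS
```

For a self-signed server certificate the only trust anchor that verifies it is that same certificate, which is why an unrelated certificate yields `:untrusted` here.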