Logstash GeoIP Database Manager: PKIX path building failed, _geoip_expired_database tag

Hello,

I started to get this error on a couple of Logstash nodes.

[2022-12-12T20:10:23,983][ERROR][logstash.filters.geoip.databasemanager] PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target {:cause=>javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}

Basically the database manager for the geoip filter can not verify the certificated for the download target.

What is the endpoint it uses?

The Ingest processor in Elasticsearch downloads from the following I am not sure if logstash is the same... but I suspect it is.

https://geoip.elastic.co/v1/database

Yeah, you are right.

I was looking in the geoip filter documentation page, but there is nothing there about the endpoint, it tells you how to change the endpoint, but not what is the original endpoint.

I found it in the logstash.yml reference file on github.

#xpack.geoip.download.endpoint: "https://geoip.elastic.co/v1/database"

Also, it seems that it is an issue with SSL Decryption on my side.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.