Logstash GeoIP Database Manager: PKIX path building failed, _geoip_expired_database tag

leandrojmp · December 12, 2022, 10:35pm

Hello,

I started to get this error on a couple of Logstash nodes.

[2022-12-12T20:10:23,983][ERROR][logstash.filters.geoip.databasemanager] PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target {:cause=>javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target}

Basically the database manager for the geoip filter can not verify the certificated for the download target.

What is the endpoint it uses?

stephenb · December 12, 2022, 11:01pm

The Ingest processor in Elasticsearch downloads from the following I am not sure if logstash is the same... but I suspect it is.

https://geoip.elastic.co/v1/database

leandrojmp · December 12, 2022, 11:31pm

Yeah, you are right.

I was looking in the geoip filter documentation page, but there is nothing there about the endpoint, it tells you how to change the endpoint, but not what is the original endpoint.

I found it in the logstash.yml reference file on github.

#xpack.geoip.download.endpoint: "https://geoip.elastic.co/v1/database"

Also, it seems that it is an issue with SSL Decryption on my side.

system · January 9, 2023, 11:32pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.