Logstash output rabbitmq

Hello,

I use the output of logstash to connect to Rabbitmq with ssl.
I have this config for Logstash :

output {
  rabbitmq {
    host => "rabbitmq"
    port => 5671
    exchange => "logstash"
    exchange_type => "direct"
    key => "logstash"
    user => "wruser"
    password => "test"
    ssl => true
    ssl_certificate_path => "/etc/pki/logstash/server.p12"
    ssl_certificate_password => "test"
    }

I have this config for Rabbitmq :

[
 {rabbit, [
   {tcp_listeners, [{"127.0.0.1", 5672}]}
   ,
   {num_ssl_acceptors, 10},
   {ssl_listeners, [5671]},
   {ssl_options, [
        {cacertfile,"/etc/pki/rabbitmq/ca.crt"},
        {certfile,"/etc/pki/rabbitmq/rabbitmq.crt"},
        {keyfile,"/etc/pki/rabbitmq/rabbitmq.key"},
        {verify,verify_peer},
        {fail_if_no_peer_cert,false}
   ]}
  ]}
].

I got this error in logsatsh :

[ERROR][logstash.outputs.rabbitmq] RabbitMQ connection error, will retry. {:error_message=>"sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target", :exception=>"Java::JavaxNetSsl::SSLHandshakeException"}

I don't see how resolve this error. It's an error in the config or in the generation of my .p12 ?

Thank you in advance.

This error not in you config file, and not in your Logstash env.
It's similar of Java environment error, and probably you can fix it like this solutions and workaround
Java cert

Thank you for your reply, I will check this.

I make the changes but I still the error.

Do you have command to generate well a pkcs12 correctly with a ca.crt ? I think is a part of problem

It was a problem in cert file and pkcs12.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.