Logstash output rabbitmq

flochon · October 29, 2018, 8:18am

Hello,

I use the output of logstash to connect to Rabbitmq with ssl.
I have this config for Logstash :

output {
  rabbitmq {
    host => "rabbitmq"
    port => 5671
    exchange => "logstash"
    exchange_type => "direct"
    key => "logstash"
    user => "wruser"
    password => "test"
    ssl => true
    ssl_certificate_path => "/etc/pki/logstash/server.p12"
    ssl_certificate_password => "test"
    }

I have this config for Rabbitmq :

[
 {rabbit, [
   {tcp_listeners, [{"127.0.0.1", 5672}]}
   ,
   {num_ssl_acceptors, 10},
   {ssl_listeners, [5671]},
   {ssl_options, [
        {cacertfile,"/etc/pki/rabbitmq/ca.crt"},
        {certfile,"/etc/pki/rabbitmq/rabbitmq.crt"},
        {keyfile,"/etc/pki/rabbitmq/rabbitmq.key"},
        {verify,verify_peer},
        {fail_if_no_peer_cert,false}
   ]}
  ]}
].

I got this error in logsatsh :

[ERROR][logstash.outputs.rabbitmq] RabbitMQ connection error, will retry. {:error_message=>"sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target", :exception=>"Java::JavaxNetSsl::SSLHandshakeException"}

I don't see how resolve this error. It's an error in the config or in the generation of my .p12 ?

Thank you in advance.

hummermania · October 29, 2018, 9:13am

This error not in you config file, and not in your Logstash env.
It's similar of Java environment error, and probably you can fix it like this solutions and workaround
Java cert

flochon · October 29, 2018, 12:27pm

Thank you for your reply, I will check this.

I make the changes but I still the error.

Do you have command to generate well a pkcs12 correctly with a ca.crt ? I think is a part of problem

flochon · October 31, 2018, 8:48am

It was a problem in cert file and pkcs12.

system · November 28, 2018, 8:48am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.