PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Ria · May 14, 2025, 2:26am

I'm using http_poller input plugin in the logstash pipeline in order to ingest the REST API endpoint call response to feed into the elasticsearch index .This is my current configuration of the pipeline as I'm doing on my work device.

input {
  http_poller {
    urls => {
      test1 => {
        method => get
        ssl_enabled => true
        cacert => "C:\Users\882709066\Downloads\logstash-8.12.2\rbc-ca-bundle.pem"
        ssl_certificate => "C:\Users\882709066\Downloads\logstash-8.12.2\rbc-ca-bundle.cer"
        url => "https://volume-prediction-restapi-juc0-private-qat.apps.ocp-sai-s1.saifg.rbc.com/inference"
        headers => {
          "Content-Type" => "application/json"
        }
        body => '{
          "date": "01-03-2025",
          "pred_column": "file_record_count",
          "history_limit_days": 90
        }'
      }
    }
    request_timeout => 60
    schedule => { cron => "* * * * * UTC" } # Runs every minute
    codec => "json" # Parses the JSON response
  }
}

filter {
  # Add your filter logic here if needed
}

output {
  stdout {
    codec => rubydebug
  }
  elasticsearch {
    hosts => ["https://2bac88ffc6b84ebeb6a945337cb56bb9.ece.saifg.rbc.com:9243"]
    user => "elastic"
    password => "******"
    ilm_rollover_alias => "test-api"
    ssl => true
    ssl_certificate_verification => true
    cacert => "C:/Users/882709066/Downloads/logstash-8.12.2/elastic-cert.cer"
  }
}

Kindly please help in resolving this error as I tried various options but unable to resolve.

Rios · May 14, 2025, 9:30am

Welcome to the community.

Have you try to use forward slashes / for the input http_poller

cacert => "C:/Users/882709066/Downloads/logstash-8.12.2/rbc-ca-bundle.pem"

If is still not work, can you copy more details from the log/debug.

Ria · May 14, 2025, 1:22pm

Hi @Rios , Itried using the forward slashes too but no luck. I'm attaching the logs while running the logstash in my local.

{
         "error" => {
        "stack_trace" => nil,
            "message" => "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"
    },
      "@version" => "1",
         "event" => {
        "duration" => 165000
    },
           "url" => {
        "full" => "https://volume-prediction-restapi-juc0-private-qat.apps.ocp-sai-s1.saifg.rbc.com/inference"
    },
    "@timestamp" => 2025-05-14T07:22:00.819956400Z,
          "http" => {
        "request" => {
            "method" => "get"
        }
    },
          "tags" => [
        [0] "_http_request_failure"
    ],
          "host" => {
        "hostname" => "KZBWB43S"

Ria · May 15, 2025, 12:09am

Can anyone from #Elastic team help me ?

Rios · May 15, 2025, 6:31am

You have used the obsolete param, try with:

        ssl_enabled => true
        ssl_certificate_authorities => "C:\Users\882709066\Downloads\logstash-8.12.2\rbc-ca-bundle.pem"
        ssl_verification_mode => "full" # "none"

If still is the problem there, try with none. The none setting performs no verification of the server’s certificate.

ssl_certificate - Do you really need a client certificate? If do, you need also ssl_key

Topic		Replies	Views
Logstash http_poller ssl issue Logstash	1	377	January 9, 2020
Logstash http poller - PKIX path building failed Logstash	3	1025	September 8, 2021
How to provide *.PFX in http_poller Logstash	2	818	July 6, 2017
Problem with logstash http_poller plugin Logstash	2	764	March 20, 2018
Overriding HTTP_Poller SSL Input Logstash	1	458	January 7, 2020

PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Related topics