Unable to find valid certification path to requested target while trying to implement HTTPS

Hi, I am using an ELK stack in Docker for pfSense, from here: GitHub - pfelk/docker: Deploy pfelk with docker-compose
All went fine; I even implemented HTTPS with my own domain certificate. Navigating the Kibana dashboard, I saw some red crosses in the configuration for Fleet, so I followed the instructions, but I cannot figure out what is wrong. It is something to do with the certificates, but I don't know what. This is the log from the logstash container.

[WARN ] 2021-06-01 14:00:12.033 [Ruby-0-Thread-11: /usr/share/logstash/vendor/bundle/jruby/2.5.0/gems/logstash-output-elasticsearch-10.8.6-java/lib/logstash/outputs/elasticsearch/http_client/pool.rb:241] elasticsearch - Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"https://logstash_internal:xxxxxx@es01:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [https://logstash_internal:xxxxxx@es01:9200/][Manticore::ClientProtocolException] PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"}

This is the docker-compose

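version: '2.2'
services:
  # Single-node Elasticsearch with X-Pack security enabled: TLS on the
  # transport layer (PKCS#12 keystore) and on the HTTP layer (PEM files).
  es01:
    build:
      context: elasticsearch/
      args:
        ELK_VERSION: $ELK_VERSION
    restart: unless-stopped
    container_name: es01
    environment:
      - node.name=es01
      - cluster.name=es-docker-cluster
      - cluster.initial_master_nodes=es01
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      # Listens on every interface inside the container. Combined with the
      # published port below, the API is exposed on the host's interfaces, so
      # authentication and TLS are the only gate in this file.
      - network.host=0.0.0.0
      - xpack.security.enabled=true
      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.keystore.type=PKCS12
      # "certificate" checks that the peer certificate chains to a trusted CA
      # but skips hostname verification.
      - xpack.security.transport.ssl.verification_mode=certificate
      - xpack.security.transport.ssl.keystore.path=elastic-certificates.p12
      - xpack.security.transport.ssl.truststore.path=elastic-certificates.p12
      - xpack.security.transport.ssl.truststore.type=PKCS12
      - xpack.security.authc.api_key.enabled=true
      - xpack.security.http.ssl.enabled=true
      # The node serves what is in `certificate`; `certificate_authorities` is
      # what the node itself trusts. NOTE(review): a client that trusts only
      # the root CA needs the intermediate in the served chain, so
      # public_2020.crt presumably has to hold leaf + intermediate. Confirm;
      # a leaf-only file would be consistent with the PKIX error in the log.
      - xpack.security.http.ssl.key=ssl/private_2020.key
      - xpack.security.http.ssl.certificate=ssl/public_2020.crt
      - xpack.security.http.ssl.certificate_authorities=ssl/intermediate_2020.crt
      # NOTE(review): different prefix from the lines above (xpack.http.ssl,
      # not xpack.security.http.ssl). Presumably this sets trust for outbound
      # HTTP requests made by Elasticsearch, not for the HTTPS listener.
      # Confirm which was intended.
      - xpack.http.ssl.certificate_authorities=ssl/root.crt
    # Unlimited memlock goes with bootstrap.memory_lock=true above.
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      # Key material is only read by the node, so it is mounted read-only.
      - ./elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12:ro
      - ./ssl:/usr/share/elasticsearch/config/ssl/:ro
      - data01:/usr/share/elasticsearch/data
    ports:
      # Quoted so the mapping is always read as a string. No host IP is given,
      # so Docker publishes the port on all host interfaces.
      - "9200:9200"
    networks:
      - elastic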
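  # Logstash with the pfelk pipeline, patterns and databases mounted read-only
  # from the host.
  logstash:
    container_name: logstash
    build:
      context: logstash/
      args:
        ELK_VERSION: $ELK_VERSION
    environment:
      LS_JAVA_OPTS: '-Xmx1G -Xms1G'
    restart: unless-stopped
    volumes:
      # Only these four host directories are visible inside the container; the
      # ./ssl directory used by es01 and kibana is not mounted here. Any CA
      # file that the pipeline references under /usr/share/logstash/config
      # therefore has to exist under ./etc/logstash/config/ on the host.
      - ./etc/logstash/config/:/usr/share/logstash/config:ro
      - ./etc/pfelk/conf.d/:/etc/pfelk/conf.d:ro
      - ./etc/pfelk/patterns/:/etc/pfelk/patterns:ro
      - ./etc/pfelk/databases/:/etc/pfelk/databases:ro
    ports:
      # Quoted so each mapping is always read as a string. No host IP is
      # given, so Docker publishes every port on all host interfaces.
      - "5040:5040"
      - "5044:5044"
      - "5140:5140/udp"
      - "5141:5141/udp"
      - "5190:5190"
      # NOTE(review): 9600 is presumably the Logstash API port; confirm it
      # needs to be published outside the Docker network.
      - "9600:9600"
    networks:
      - elastic
    depends_on:
      - es01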

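  # Kibana served over HTTPS, talking to Elasticsearch over HTTPS with the
  # same key and certificate files that es01 uses.
  kibana:
    container_name: kibana
    build:
      context: kibana/
      args:
        ELK_VERSION: $ELK_VERSION
    environment:
      ELASTICSEARCH_HOSTS: https://es01:9200
      SERVER_NAME: kibana
      SERVER_HOST: 0.0.0.0
      ELASTICSEARCH_USERNAME: kibana
      # Placeholder as posted. A real password belongs in the .env file or a
      # secret store, not in a compose file that may be shared or committed.
      ELASTICSEARCH_PASSWORD: mypassword
      # Kibana trusts the intermediate CA directly, so it can validate es01
      # even if the server does not send the intermediate in its chain.
      ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES: /etc/ssl/intermediate_2020.crt
      SERVER_SSL_ENABLED: "true"
      SERVER_SSL_KEY: /etc/ssl/private_2020.key
      SERVER_SSL_CERTIFICATE: /etc/ssl/public_2020.crt
      XPACK_FLEET_ENABLED: "true"
      XPACK_SECURITY_ENABLED: "true"
      # Placeholder as posted. Kibana expects at least 32 characters here, and
      # the value should be kept out of the file like the password above.
      XPACK_ENCRYPTEDSAVEDOBJECTS_ENCRYPTIONKEY: mykey
    volumes:
      # Read-only: Kibana only reads the key and certificates.
      # NOTE(review): mounting over /etc/ssl hides whatever the image ships in
      # that directory; a dedicated path may be safer. Confirm against the
      # image before changing it.
      - ./ssl:/etc/ssl:ro
    restart: unless-stopped
    ports:
      # Quoted so the mapping is always read as a string.
      - "5601:5601"
    networks:
      - elastic
    depends_on:
      - logstash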

# Named volume that es01 mounts at /usr/share/elasticsearch/data.
volumes:
  data01:
    driver: local

# Bridge network joined by es01, logstash and kibana; the services reach each
# other by service name on it (for example https://es01:9200).
networks:
  elastic:
    driver: bridge

this is logstash.yaml

# Monitoring settings for Logstash itself, separate from the pipeline outputs.
xpack.monitoring.elasticsearch.hosts: [ "https://es01:9200" ]
# Monitoring is switched off, so the host and credentials in this file are
# presumably unused while this stays false.
xpack.monitoring.enabled: false
xpack.monitoring.elasticsearch.username: logstash_system
# Placeholder as posted; keep the real password out of shared files.
# NOTE(review): no CA is configured for this HTTPS endpoint
# (xpack.monitoring.elasticsearch.ssl.certificate_authority). If monitoring is
# enabled, this client would presumably fall back to the JVM default trust
# store, which does not contain a private CA.
xpack.monitoring.elasticsearch.password: mypassword

and this is part of the Logstash output configuration

output {
  ################################################################################
  ###                               firewall                                   ###
  ################################################################################
  # Sends events tagged "firewall" to Elasticsearch over HTTPS, into an index
  # named with the pfelk-firewall-%{+YYYY.MM} pattern.
  if "firewall" in [tags] {
    elasticsearch {
      hosts => ["https://es01:9200"]
      index => "pfelk-firewall-%{+YYYY.MM}"
      ssl => true
      # NOTE(review): with verification off the server certificate is accepted
      # without being checked, so the connection is open to interception and
      # the cacert below presumably has no effect on this output. The PKIX
      # error in the log comes from a client that does verify; confirm which
      # output or setting that is, then fix the trust chain and set this to
      # true rather than leaving verification disabled.
      ssl_certificate_verification => false
      # Path inside the container. The compose file maps ./etc/logstash/config/
      # on the host to /usr/share/logstash/config, so this file has to exist
      # at ./etc/logstash/config/ssl/root.crt on the host.
      cacert => "/usr/share/logstash/config/ssl/root.crt"
      ilm_enabled => true
      # The lines prefixed #ILM# are commented out and are not read.
#ILM#      ilm_rollover_alias => "pfelk-firewall"
#ILM#      ilm_pattern => "000001"
#ILM#      ilm_policy => "pfelk-ilm"
#ILM#      ecs_compatibility => "v1"
      manage_template => false
      # Placeholder credentials as posted; keep real values out of shared
      # config, for example in the Logstash keystore or an environment variable.
      user => logstash_internal
      password => mypass
    }
  }

I am using the latest version of the stack
thanks
