Watcher ssl fail

hofrichterovak · January 19, 2024, 12:56pm

Hello,

I read the documentation about sending email with PDF dashboard in the attachment >>> Automatically generate reports | Kibana Guide [8.9] | Elastic

I wanted to create my own watcher. My Kibana version is 7.17.8

Manually generating PDF reports works.

Problem is that my watcher has this alert:

    "actions": [
      {
        "id": "send_email",
        "type": "email",
        "status": "failure",
        "error": {
          "root_cause": [
            {
              "type": "s_s_l_handshake_exception",
              "reason": "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"
            }
          ],
          "type": "s_s_l_handshake_exception",
          "reason": "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target",
          "caused_by": {
            "type": "validator_exception",
            "reason": "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target",
            "caused_by": {
              "type": "sun_cert_path_builder_exception",
              "reason": "unable to find valid certification path to requested target"
            }
          }
        }
      }
    ]

My watcher looks like this. Please, how can I fix it?

{
  "trigger": {
    "schedule": {
      "interval": "3m"
    }
  },
  "input": {
    "none": {}
  },
  "condition": {
    "always": {}
  },
  "actions": {
    "send_email": {
      "email": {
        "profile": "standard",
        "attachments": {
          "xxx.pdf": {
            "reporting": {
              "url": "https://xxxxx.cz/api/reporting/generate/printablePdfV2?jobParams=h%3A%21f%2CviewMode%3Aview%29%2Cversion%3A%277.17.8%27%29%29%2CobjectType%3Adashboard%2Ctitle%3A%27GSK%20SQL%20DWH%27%2Cversion%3A%277.17.8%27%29",
              "retries": 40,
              "interval": "15s",
              "auth": {
                "basic": {
                  "username": "elastic",
                  "password": "::es_redacted::"
                }
              }
            }
          }
        },
        "to": [
          "katerina.xx@xx.cz"
        ],
        "subject": "YX"
      }
    }
  }
}

My elasticsearch.yml:

xpack.security.enabled: true	

xpack.security.transport.ssl.enabled: true	
xpack.security.transport.ssl.verification_mode: certificate	
xpack.security.transport.ssl.keystore.path: certs/master-1	
xpack.security.transport.ssl.truststore.path: certs/master-1	

xpack.security.http.ssl.enabled: true	
xpack.security.http.ssl.keystore.path: certs/master-1	
xpack.security.http.ssl.truststore.path: certs/master-1

xpack.http.ssl.key: "/etc/elasticsearch/certs/newfile.key.pem"
xpack.http.ssl.certificate: "/etc/elasticsearch/certs/newfile.crt.pem"
xpack.http.ssl.certificate_authorities: "/etc/elasticsearch/certs/ca.crt"
xpack.http.ssl.verification_mode: certificate
xpack.watcher.enabled: true

Thank you.

hofrichterovak · February 5, 2024, 1:57pm

Resolved with verification_mode: none.

system · March 4, 2024, 1:58pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.