Webhook and SSL issue

I am generating a https webhook and receive the error below (I am using self-assigned certificates and added them already to the keystore)

"actions": [
{
"id": "my_webhook",
"type": "webhook",
"status": "failure",
"error": {
"root_cause": [
{
"type": "s_s_l_handshake_exception",
"reason": "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"
}
],
"type": "s_s_l_handshake_exception",
"reason": "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target",
"caused_by": {
"type": "validator_exception",
"reason": "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target",
"caused_by": {
"type": "sun_cert_path_builder_exception",
"reason": "unable to find valid certification path to requested target"
}
}
}
},

Which keystore did you add these to ?

You can specify the necessary trust configuration for watcher, see https://www.elastic.co/guide/en/elasticsearch/reference/7.3/notification-settings.html#watcher-tls-ssl-key-trusted-certificate-settings.

For example:

xpack.http.ssl.certificate_authorities: ["/path/to/your/selfsigned/cert"]

would work fine

This is my configuration:

xpack.http.ssl.key: certs_pem/privatekey
xpack.http.ssl.certificate: certs_pem/elastic_node.cert
xpack.http.ssl.certificate_authorities: ["/etc/elasticsearch/certs_pem/ca.cert"]

I still receive the same error.

The webhook action is used to send an http request to a web service. You have mentioned that this web service is using a self signed certificate. So the code that makes this request needs to trust the web service self-signed certificate. And this is configured by xpack.http.ssl.certificate_authorities

Why did you add this ? Is the web service that you connect to requiring that you perform client TLS authentication ? If not, you shouldn't be sending a client certificate.

This would only work if the certificate that your web service uses for TLS is signed by ca.cert, is this the case ?

I left alone just this part:

pack.security.http.ssl.certificate_authorities: ["/etc/elasticsearch/ca/mycert_1.cert", "/etc/elasticsearch/ca/mycert_2.cert"]

Still the same error.

You don't offer any context or details so it becomes really hard to help you. We can't know if this configuration is fine or not, as we don't know what mycert_2.cert or mycert_1.cert is, how you created them, where these are used, how do they relate to the web service you want to connect to with the webhook

Figured it out. The problem was that the destination for the webhook is utilizing different certificate for web traffic and webhooks after adding also the one for the webhook error disappeared.