I am using HEC to publish data to Splunk.
I am getting the following SSL error - SSLHandshakeException.
org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://input-prd-p-7n98kxjr4b4w.cloud.splunk.com:8088/services/collector": sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
How can I fix it?
@ashwani_ks_15 @Priyankakumari1 @maraman_splunk Is it resolved? I got stuck with the same issue.
Please let me know if there is a fix for this.
I got stuck with the same issue, any thoughts?
The most probable issue is a lack of knowledge of the CA used by HEC in the app connecting to it. Did you import the RootCA that is used for your HEC's cert into your app?
No, we haven't done that. We are seeing this issue when the user is trying through Logstash, but it's working fine when tested through our local machine. @PickleRick
What is the process to import certs, btw?
Do you use https or plain http when testing it locally?
If you're using plain http you won't get ssl errors because you're not using it.
Anyway, there should be an option for the Logstash output to specify the CA cert. I haven't used Logstash for several years now so I can't tell you precisely which one it is.
@PickleRick It worked with https from our local machine.
I will try to reach out to Splunk support to see if they have any troubleshooting steps for the logs ingested via Logstash.
Thank you
Hi,
Is it resolved?
Hi,
I think you need the root certificate used by Splunk Cloud in your local Java/OS -> your Java app doesn't trust the HEC port -> you can't connect.
You can use openssl s_client, for example, to check/debug your SSL connection (code 19 = you need to specify the root, code 0 = verified).
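
The openssl s_client check from the last reply, as an added example that is not part of the thread: it reads the "Verify return code" line and maps the code to a next step. The function names and the sample output are constructed for illustration; the keytool line uses placeholders for the alias, CA file and truststore.

```shell
#!/bin/sh
# Added example: read the "Verify return code" that openssl s_client prints.

# Print the first verify code found on stdin (TLS 1.3 output can repeat the line).
verify_code() {
    sed -n 's/^[[:space:]]*Verify return code: \([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Turn a code into a next step. 0 and 19 are the codes named in the thread;
# 18, 20 and 21 are the other OpenSSL codes that mean "issuer not trusted".
explain_code() {
    case "$1" in
        0) echo "verified: chain is trusted by the CA set openssl used" ;;
        18|19|20|21) echo "untrusted: add the issuing root CA to the client's trust store" ;;
        "") echo "no-result: handshake did not complete, check host, port and proxy" ;;
        *) echo "other: code $1, see the openssl verify documentation" ;;
    esac
}

# Live check (needs network). $1 = host, $2 = port, $3 = optional root CA PEM.
check_hec() {
    if [ -n "${3:-}" ]; then
        out=$(openssl s_client -connect "$1:$2" -servername "$1" -CAfile "$3" </dev/null 2>/dev/null) || true
    else
        out=$(openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null) || true
    fi
    explain_code "$(printf '%s\n' "$out" | verify_code)"
}

# For a Java client, once the root CA is saved as a PEM file (placeholders in <>):
#   keytool -importcert -alias <alias> -file <root-ca.pem> -keystore <truststore>

# Constructed samples of the s_client summary lines, so the demo runs offline.
SAMPLE_UNTRUSTED='Verification error: self-signed certificate in certificate chain
    Verify return code: 19 (self-signed certificate in certificate chain)'
SAMPLE_OK='Verification: OK
    Verify return code: 0 (ok)'

for sample in "$SAMPLE_UNTRUSTED" "$SAMPLE_OK"; do
    explain_code "$(printf '%s\n' "$sample" | verify_code)"
done
```

openssl checks against its own CA bundle, not the JVM truststore, so a code 0 here does not prove the Java client trusts the endpoint. Run `check_hec` from the host where the failing client runs, since a proxy in the path can present a different chain than the one seen from a workstation.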