Splunk Cloud Platform

SSL: Why getting this error "SSLHandshakeException" for HEC for Splunk Cloud?

ashwani_ks_15
New Member

I am using HEC to publish data to Splunk.
I am getting following SSL error - SSLHandshakeException.
org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://input-prd-p-7n98kxjr4b4w.cloud.splunk.com:8088/services/collector": sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

How can I fix it.

Labels (1)
0 Karma

Roy_9
Motivator

@ashwani_ks_15 @Priyankakumari1 @maraman_splunk Is it resolved? I got stuck with the same issue.

Please let me know if there is a fix for this. 

I got stuck with the same issue, any thoughts?

 

0 Karma

PickleRick
SplunkTrust
SplunkTrust

Most probable issue is with lack of knowledge of CA used by HEC in the app connecting to it. Did you import the RootCA that is used for your HEC's cert intomyour app?

0 Karma

Roy_9
Motivator

No, we haven't done that, we are seeing this issue when the user is trying through logstash, but its working fine when tested through our local machine. @PickleRick 

what is the process to import certs btw?

 

 

0 Karma

PickleRick
SplunkTrust
SplunkTrust

Do you use https or plain http when testing it locally?

If you're using plain http you won't get ssl errors because you're not using it.

Anyway there should be an option for logstash output to specify CA cert. I haven't used logstash for several years now so  can't tell you precisely which one it is.

0 Karma

Roy_9
Motivator

@PickleRick It worked with https from our local machine.

i will try to reach out to splunk support if they have any troubleshooting steps for the logs ingesting via logstash.

 

Thank you

0 Karma

Priyankakumari1
Explorer

Hi,

Is it Resolved??

 

0 Karma

maraman_splunk
Splunk Employee
Splunk Employee

Hi,

I think you need the root certificate used by splunk cloud in your local java/os.-> your java app doesn't trust the HEC port -> you cant connect
you can use openssl s_client for example to check/debug your SSL connection (code 19 = you need to specify the root, code 0 = verified)

0 Karma
Get Updates on the Splunk Community!

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud  In today’s fast-paced digital ...

Observability protocols to know about

Observability protocols define the specifications or formats for collecting, encoding, transporting, and ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...