Splunk Cloud Platform

SSL: Why getting this error "SSLHandshakeException" for HEC for Splunk Cloud?

ashwani_ks_15
New Member

I am using HEC to publish data to Splunk.
I am getting following SSL error - SSLHandshakeException.
org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://input-prd-p-7n98kxjr4b4w.cloud.splunk.com:8088/services/collector": sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target; nested exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

How can I fix it.

Labels (1)
0 Karma

Splunker96
Builder

@ashwani_ks_15 @Priyankakumari1 @maraman_splunk Is it resolved? I got stuck with the same issue.

Please let me know if there is a fix for this. 

I got stuck with the same issue, any thoughts?

 

0 Karma

PickleRick
Ultra Champion

Most probable issue is with lack of knowledge of CA used by HEC in the app connecting to it. Did you import the RootCA that is used for your HEC's cert intomyour app?

0 Karma

Splunker96
Builder

No, we haven't done that, we are seeing this issue when the user is trying through logstash, but its working fine when tested through our local machine. @PickleRick 

what is the process to import certs btw?

 

 

0 Karma

PickleRick
Ultra Champion

Do you use https or plain http when testing it locally?

If you're using plain http you won't get ssl errors because you're not using it.

Anyway there should be an option for logstash output to specify CA cert. I haven't used logstash for several years now so  can't tell you precisely which one it is.

0 Karma

Splunker96
Builder

@PickleRick It worked with https from our local machine.

i will try to reach out to splunk support if they have any troubleshooting steps for the logs ingesting via logstash.

 

Thank you

0 Karma

Priyankakumari1
Explorer

Hi,

Is it Resolved??

 

0 Karma

maraman_splunk
Splunk Employee
Splunk Employee

Hi,

I think you need the root certificate used by splunk cloud in your local java/os.-> your java app doesn't trust the HEC port -> you cant connect
you can use openssl s_client for example to check/debug your SSL connection (code 19 = you need to specify the root, code 0 = verified)

0 Karma
Get Updates on the Splunk Community!

How I Instrumented a Rust Application Without Knowing Rust

As a technical writer, I often have to edit or create code snippets for Splunk's distributions of ...

Splunk Community Platform Survey

Hey Splunk Community, Starting today, the community platform may prompt you to participate in a survey. The ...

Observability Highlights | November 2022 Newsletter

 November 2022Observability CloudEnd Of Support Extension for SignalFx Smart AgentSplunk is extending the End ...