-
Notifications
You must be signed in to change notification settings - Fork 56
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
javax.net.ssl.SSLHandshakeException : unable to find valid certification path to requested target #78
Comments
Hi @agarwalanirudh , it sounds like you are on the right track using One difference I noticed was that we recommend connecting to the Sumo Logic endpoint URL from a browser and then downloading and using that certificate. I am wondering if your In your test java class, can you try connecting to a Sumo Logic endpoint, such as https://collectors.sumologic.com and see if it works (should display the word "Tweep"). |
I have a Sumo container running on a CoreOS vm in an enterprise network.
With the new setup, I need to run this VM behind an SSL Proxy server with a custom self signed certificate.
Other containers running on this VM are able to connect via this proxy, once I add the self signed certificate to their respective trusted stores.
This Sumo container fails to communicate if the proxy is enabled as it doesn't know abut the new certificate.
I added the certificate in Ubuntu's Trust store and post that, curl command connects successfully.
I even added it to JVM's trust store, but that doesn't seem to work. Here's the error log:
To combat this, I added the command to import self signed certificate in my Dockerfile
It still fails with the same error.
On the bright side, after I add this certificate to the above mentioned trust store, I copied one test java class which makes a simple HTTPS call to https://www.google.com. It worked fine without throwing any exception. I compiled it locally and then ran it via /opt/SumoCollector/jre/bin/./java.
Can someone help me how to resolve this SSLHandshake failure?
I think just like PROXY_HOST and PROXY_PORT there should be and option to configure custom CA cert.
The text was updated successfully, but these errors were encountered: