Open agarwalanirudh opened 5 years ago
Hi @agarwalanirudh, it sounds like you are on the right track using keytool import to add the certificate to the collector's cacerts file. We've officially documented this approach here, if you can take a look.
One difference I noticed was that we recommend connecting to the Sumo Logic endpoint URL from a browser and then downloading and using that certificate. I am wondering if your ssl-proxying-certificate.cer lacks an intermediate certificate on the path to the Sumo Logic endpoint (but does have a path to https://www.google.com)?
In your test java class, can you try connecting to a Sumo Logic endpoint, such as https://collectors.sumologic.com and see if it works (should display the word "Tweep").
I have a Sumo container running on a CoreOS vm in an enterprise network. With the new setup, I need to run this VM behind an SSL Proxy server with a custom self signed certificate. Other containers running on this VM are able to connect via this proxy, once I add the self signed certificate to their respective trusted stores.
This Sumo container fails to communicate if the proxy is enabled as it doesn't know about the new certificate. I added the certificate in Ubuntu's Trust store and post that, curl command connects successfully. I even added it to JVM's trust store, but that doesn't seem to work. Here's the error log:
To combat this, I added the command to import self signed certificate in my Dockerfile
It still fails with the same error.
On the bright side, after I add this certificate to the above mentioned trust store, I copied one test java class which makes a simple HTTPS call to https://www.google.com. It worked fine without throwing any exception. I compiled it locally and then ran it via /opt/SumoCollector/jre/bin/./java.
Can someone help me resolve this SSLHandshake failure? I think just like PROXY_HOST and PROXY_PORT there should be an option to configure custom CA cert.
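The comparison suggested in the reply (whether the proxy presents a different certificate path for the Sumo Logic endpoint than for https://www.google.com), as an added example that is not part of the thread or of Sumo Logic's code: a small Java class that prints the chain the JRE receives through the proxy while still validating it against that JRE's default trust store. The class name `ChainCheck` and its three arguments (URL, proxy host, proxy port) are assumptions.

```java
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.URL;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

// Hypothetical diagnostic: java ChainCheck <https-url> <proxy-host> <proxy-port>
public class ChainCheck {
    public static void main(String[] args) throws Exception {
        URL url = new URL(args[0]);
        Proxy proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress(args[1], Integer.parseInt(args[2])));
        // Trust manager backed by this JRE's default trust store (its cacerts
        // file, unless javax.net.ssl.trustStore points elsewhere).
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        X509TrustManager found = null;
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) { found = (X509TrustManager) tm; break; }
        }
        if (found == null) throw new IllegalStateException("no X509TrustManager available");
        final X509TrustManager jreDefault = found;
        // Print the chain received, then delegate so validation is still enforced.
        X509TrustManager recorder = new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] c, String t) throws CertificateException {
                jreDefault.checkClientTrusted(c, t);
            }
            public void checkServerTrusted(X509Certificate[] chain, String t) throws CertificateException {
                for (int i = 0; i < chain.length; i++) {
                    System.out.println("[" + i + "] subject: " + chain[i].getSubjectX500Principal());
                    System.out.println("    issuer:  " + chain[i].getIssuerX500Principal());
                }
                jreDefault.checkServerTrusted(chain, t);
            }
            public X509Certificate[] getAcceptedIssuers() { return jreDefault.getAcceptedIssuers(); }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { recorder }, null);
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection(proxy);
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        try {
            System.out.println("Trusted by this JRE, HTTP " + conn.getResponseCode());
        } catch (SSLHandshakeException e) {
            System.out.println("Handshake failed: " + e.getMessage());
        }
    }
}
```

Run it with /opt/SumoCollector/jre/bin/java once for https://collectors.sumologic.com and once for https://www.google.com; an issuer that appears only in the failing run points to a certificate missing from that JRE's cacerts.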