search

graylog-labs / graylog-plugin-slack

Graylog alarm callback for Slack
https://www.graylog.org
Apache License 2.0
117 stars 52 forks source link

ssl cert path issue #21

Closed bubo77 closed 7 years ago

bubo77 commented 8 years ago

Hi,

I am trying to setup slack notification. My graylog and graylog api is setup with SSL. Not sure which certificate is this complaining about 

2016-05-15T19:03:42.346Z ERROR [OutputBufferProcessor] Error in output [class org.graylog2.plugins.slack.output.SlackMessageOutput].
java.lang.RuntimeException: Could not send message to Slack.
    at org.graylog2.plugins.slack.output.SlackMessageOutput.write(SlackMessageOutput.java:91) ~[?:?]
    at org.graylog2.buffers.processors.OutputBufferProcessor$1.run(OutputBufferProcessor.java:189) [graylog.jar:?]
    at com.codahale.metrics.InstrumentedExecutorService$InstrumentedRunnable.run(InstrumentedExecutorService.java:176) [graylog.jar:?]
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [?:1.8.0_45]
    at java.util.concurrent.FutureTask.run(FutureTask.java:266) [?:1.8.0_45]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [?:1.8.0_45]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [?:1.8.0_45]
    at java.lang.Thread.run(Thread.java:745) [?:1.8.0_45]
Caused by: org.graylog2.plugins.slack.SlackClient$SlackClientException: Could not POST to Slack API
    at org.graylog2.plugins.slack.SlackClient.send(SlackClient.java:51) ~[?:?]
    at org.graylog2.plugins.slack.output.SlackMessageOutput.write(SlackMessageOutput.java:89) ~[?:?]
    ... 7 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[?:1.8.0_45]
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1937) ~[?:1.8.0_45]
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302) ~[?:1.8.0_45]
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) ~[?:1.8.0_45]
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1478) ~[?:1.8.0_45]
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:212) ~[?:1.8.0_45]
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) ~[?:1.8.0_45]
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:914) ~[?:1.8.0_45]
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1050) ~[?:1.8.0_45]
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1363) ~[?:1.8.0_45]
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1391) ~[?:1.8.0_45]
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1375) ~[?:1.8.0_45]
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563) ~[?:1.8.0_45]
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) ~[?:1.8.0_45]
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1282) ~[?:1.8.0_45]
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1257) ~[?:1.8.0_45]
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250) ~[?:1.8.0_45]
    at org.graylog2.plugins.slack.SlackClient.send(SlackClient.java:43) ~[?:?]
    at org.graylog2.plugins.slack.output.SlackMessageOutput.write(SlackMessageOutput.java:89) ~[?:?]
    ... 7 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387) ~[?:1.8.0_45]
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) ~[?:1.8.0_45]
    at sun.security.validator.Validator.validate(Validator.java:260) ~[?:1.8.0_45]
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) ~[?:1.8.0_45]
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) ~[?:1.8.0_45]
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) ~[?:1.8.0_45]
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1460) ~[?:1.8.0_45]
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:212) ~[?:1.8.0_45]
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) ~[?:1.8.0_45]
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:914) ~[?:1.8.0_45]
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1050) ~[?:1.8.0_45]
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1363) ~[?:1.8.0_45]
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1391) ~[?:1.8.0_45]
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1375) ~[?:1.8.0_45]
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563) ~[?:1.8.0_45]
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) ~[?:1.8.0_45]
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1282) ~[?:1.8.0_45]
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1257) ~[?:1.8.0_45]
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250) ~[?:1.8.0_45]
    at org.graylog2.plugins.slack.SlackClient.send(SlackClient.java:43) ~[?:?]
    at org.graylog2.plugins.slack.output.SlackMessageOutput.write(SlackMessageOutput.java:89) ~[?:?]
    ... 7 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:145) ~[?:1.8.0_45]
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:131) ~[?:1.8.0_45]
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) ~[?:1.8.0_45]
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382) ~[?:1.8.0_45]
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) ~[?:1.8.0_45]
    at sun.security.validator.Validator.validate(Validator.java:260) ~[?:1.8.0_45]
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) ~[?:1.8.0_45]
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) ~[?:1.8.0_45]
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124) ~[?:1.8.0_45]
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1460) ~[?:1.8.0_45]
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:212) ~[?:1.8.0_45]
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) ~[?:1.8.0_45]
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:914) ~[?:1.8.0_45]
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1050) ~[?:1.8.0_45]
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1363) ~[?:1.8.0_45]
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1391) ~[?:1.8.0_45]
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1375) ~[?:1.8.0_45]
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563) ~[?:1.8.0_45]
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) ~[?:1.8.0_45]
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1282) ~[?:1.8.0_45]
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1257) ~[?:1.8.0_45]
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250) ~[?:1.8.0_45]
    at org.graylog2.plugins.slack.SlackClient.send(SlackClient.java:43) ~[?:?]
    at org.graylog2.plugins.slack.output.SlackMessageOutput.write(SlackMessageOutput.java:89) ~[?:?]
    ... 7 more
bubo77 commented 8 years ago

I've resolved it by importing slack SSL cert and CA cert to java keystore. You might want to include that in your install notes. The other thing is that interface says username is optional but you get this error if it is not defined:

org.graylog2.plugin.alarms.callbacks.AlarmCallbackConfigurationException: Configuration error. user_name is mandatory and must not be empty.