👍
Also experienced this behaviour.
@suraj-kamath nice description of the problem :)

@logstash-dev's can we have an update here ?

@suraj-kamath I've found that 'ssl_certificate_validation' is used here.

Does it help?

Still awaiting response on this from "logstash-dev"
Please provide an update on this issue, Is there any plan of adding the changes in latest release ?

ssl_certificate_validation option is not taking effect. Irrespective of whether we give the value as true or false, it is always taken as true.

@suraj-kamath is this plugin still trying to do cert validation when ssl_certificate_validation is false?

I'm getting the same error when using
ssl_certificate_validation => false
I get
"error" => "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"

I just downloaded logstash 2.0 and installed the http_poller plugin

@logstash-dev's Any update on this ?
Also looks like Logstash does not support SNI, Please confirm.

+1

I am also getting the same error.

"error" => "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"

+1 Getting same issue as above

+1 Need a workaround!

+1

I was able to fix this problem. Check whether your application is using JDK or JRE. Based on that try installing the certificate in the keystore.
Let me know if you have any queries.

+1

+1

Since 2015...

+1

+1 (We have wildcard Certs AND SSL settings to turn off verification in LS don't work)

+1

+1

@yaoyaminaco0571 's suggestion to add truststore path worked for me in v7.16.1

@bernielomax as the error output mentioned "logstash unable to find valid certification path to requested target", you should add a fake path to it since the code needs.

The configuration is worked fine for me:

    ssl => true
    ssl_certificate_verification => false
    truststore => "/home/admin/server/elasticsearch-current/config/truststore.jks"
    truststore_password => changeit
    user => logstash
    password => logstash

If OK pls feedback. I guess it will work around the problem met in http output. @blacklobo

Caution: the jks file should be exists and readable for logstash.

Facing the same issue (out of a sudden) with no cert used at all .

This is my output section:

  elasticsearch {
    hosts => "https://elastic.xxx.de:9200"
    ssl => true
    ssl_certificate_verification => false
    document_id => "someid"
    user => "user"
    password => "password"
    doc_as_upsert => true
    action => "update"
  }

And I have no truststore to set ot a cacert.

A lot has been going on here over the years, but let me tackle this down:

• the http_client mixin and thus output-http plugin at some point had the ssl_certificate_validation option
• the ssl_certificate_validation => false had no effect and was later removed to confuse users
• Feat: support ssl_verification_mode => 'full' / 'none' #126 added a new option ssl_verification_mode

The updated http output which can be used to disable verification (using ssl_verification_mode => none) will be part of Logstash 8.1, in the mean time try bin/logstash-plugin update logstash-output-http (which should update the plugin to >= 5.3.0)

The issue also mentions ES output with the ssl_certificate_verification => false option, the issue while similar do not have the same cause - for ES output disabling verification had some effect (allowing self-signed certificates) but did not disable verification completely. This issue has also been resolved and should be available since Logstash 7.17.0.