I want to send my error logs to my Graylog2 server over SSL. Unfortunately, I always get exceptions. I have installed my SSL/TLS certificates in Java's cacerts. The certificate also exists on my Graylog server.

Exceptions:

log4j:ERROR General SSLEngine problem
java.io.IOException: Cannot send data to 192.168.10.74:12202
    at biz.paluch.logging.gelf.intern.sender.GelfTCPSender.sendMessage(GelfTCPSender.java:126)
    at biz.paluch.logging.gelf.log4j.GelfLogAppender.append(GelfLogAppender.java:92)
    at org.apache.log4j.AppenderSkeleton.doAppend(AppenderSkeleton.java:251)
    at org.apache.log4j.helpers.AppenderAttachableImpl.appendLoopOnAppenders(AppenderAttachableImpl.java:66)
    at org.apache.log4j.Category.callAppenders(Category.java:206)
    at org.apache.log4j.Category.forcedLog(Category.java:391)
    at org.apache.log4j.Category.error(Category.java:322)
    at logging.J2Graylog.main(J2Graylog.java:19)
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
    at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1336)
    at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:519)
    at sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1197)
    at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1169)
    at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469)
    at biz.paluch.logging.gelf.intern.sender.GelfTCPSSLSender.doHandshake(GelfTCPSSLSender.java:200)
    at biz.paluch.logging.gelf.intern.sender.GelfTCPSSLSender.connect(GelfTCPSSLSender.java:61)
    at biz.paluch.logging.gelf.intern.sender.GelfTCPSender.sendMessage(GelfTCPSender.java:103)
    ... 7 more
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1703)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:281)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:273)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1446)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:209)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:901)
    at sun.security.ssl.Handshaker$1.run(Handshaker.java:841)
    at sun.security.ssl.Handshaker$1.run(Handshaker.java:839)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1273)
    at biz.paluch.logging.gelf.intern.sender.GelfTCPSSLSender.doHandshake(GelfTCPSSLSender.java:240)
    ... 9 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
    at sun.security.validator.Validator.validate(Validator.java:260)
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:283)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:138)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1433)
    ... 16 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
    ... 22 more

log4j.properties:

log4j.appender.graylog2=biz.paluch.logging.gelf.log4j.GelfLogAppender
log4j.appender.graylog2.Host=ssl:myGraylogHost
log4j.appender.graylog2.Port=myPort
log4j.appender.graylog2.originHost=localhost
log4j.appender.graylog2.layout=org.apache.log4j.PatternLayout
log4j.appender.graylog2.layout.ConversionPattern=%d |%t|%c{1}| %-5p - %m%n
log4j.appender.graylog2.additionalFields={'environment': 'DEV', 'application': 'MyAPP'}
log4j.appender.graylog2.extractStackTrace=true
log4j.appender.graylog2.addExtendedInformation=true
log4j.appender.graylog2.Facility=gelf-java

Can someone tell me why it throws so many exceptions?

Sangram Badi
Rene

2 Answers


Check the following points:

  1. Which JRE installation is the code that throws this exception using? Go there and add the certificate for your URL.
  2. You are using the root certificate.
positivecrux

In addition to @jaydeep's post:

  1. Verify the basic interoperability of your SSL setup. You can use a rather simple tool, see https://gist.github.com/4ndrej/4547029.
  2. logstash-gelf provides some configuration options regarding SSL, see TCP Sender SSL documentation.
  3. I noticed you're using IP addresses for the host name. Make sure your certificate contains the IP address as subject or Subject Alternative Name (IP SANs).
mp911de
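
A handshake check covering the points in both answers, added here as an example (it is not code from the original posts or from logstash-gelf): it reports which JRE and default truststore the running JVM uses, prints the certificate chain and SANs the server presents, and validates that chain with the JVM's default trust manager. The class name `TrustCheck` is hypothetical; run it with the same `java` binary as the application, passing the Graylog host and port as arguments.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;
// Added diagnostic; the class name TrustCheck is hypothetical. Usage: java TrustCheck <host> <port>
public class TrustCheck {
    public static void main(String[] args) throws Exception {
        String host = args[0];
        int port = Integer.parseInt(args[1]);
        // Which JRE is running, and which truststore does it read by default?
        String home = System.getProperty("java.home");
        String ts = System.getProperty("javax.net.ssl.trustStore");
        if (ts == null) {
            File jsse = new File(home, "lib/security/jssecacerts");
            ts = jsse.exists() ? jsse.getPath() : new File(home, "lib/security/cacerts").getPath();
        }
        System.out.println("java.home  = " + home + "\ntruststore = " + ts);

        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the JVM's default truststore
        final X509TrustManager jvmDefault = (X509TrustManager) tmf.getTrustManagers()[0];
        // Print the chain the server presents, then let the default trust manager judge it.
        X509TrustManager reporting = new X509TrustManager() {
            public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                for (X509Certificate c : chain) {
                    System.out.println("subject = " + c.getSubjectX500Principal());
                    System.out.println("  issuer = " + c.getIssuerX500Principal());
                    // SAN entries are [type, value]; type 2 = dNSName, type 7 = iPAddress
                    System.out.println("  SANs   = " + c.getSubjectAlternativeNames());
                }
                jvmDefault.checkServerTrusted(chain, authType); // throws on a PKIX path failure
            }
            public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                jvmDefault.checkClientTrusted(chain, authType);
            }
            public X509Certificate[] getAcceptedIssuers() { return jvmDefault.getAcceptedIssuers(); }
        };

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { reporting }, null);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            s.startHandshake();
            System.out.println("handshake OK: chain validates against the default truststore");
        } catch (SSLHandshakeException e) {
            System.out.println("handshake FAILED: " + e.getMessage());
        }
    }
}
```

Compare the printed SANs with the value configured in `log4j.appender.graylog2.Host`; this check validates the trust path only and does not perform hostname verification itself.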