3

I am trying to send logs to Splunk Cloud' HTTP Event Collector using Log4J' HTTP Appender. However, it seems Splunk uses a self-signed certificate on their HTTP Event Collector, thus causing SSL Validation errors when Log4J tries to connect to it:

ERROR Unable to send HTTP in appender [Splunk] javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

How can I temporarily disable SSL Certificate verification (similarly to the -k option of CURL) for the HTTP Appender?

Gauthier
  • 538
  • 6
  • 12
  • Sidebar - it's *probably* best to update your Splunk install's certs to something *not* self-signed, if you're planning on using it in this manner :) – warren Oct 09 '20 at 14:53
  • @warren I totally agree, but it's not a self hosted version, it's a Splunk Cloud' managed instance. Therefore, I do not have control over the SSL certificate. Otherwise, it would have been fixed already. – Gauthier Oct 10 '20 at 16:18
  • Interesting - I was under the [apparently mistaken] impression Splunk Cloud used commercial (not self-signed) certs – warren Oct 13 '20 at 12:22
  • @GauthierPLM Did you find a solution to this issue? – Chamila Wijayarathna Feb 18 '22 at 04:13
  • 1
    I did not; I made sure the whole infra uses signed certificates. – Gauthier Feb 18 '22 at 16:13

0 Answers0