Java: Gelf-Logstash -> Exception when using "ssl:hostname"
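Problem description:
I want to send my error logs to my Graylog2 server over SSL. Unfortunately, I always get an exception. I have installed my SSL/TLS certificate in Java's cacerts. In addition, the certificate is also present on my Graylog server.
Exception: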
log4j:ERROR General SSLEngine problem
java.io.IOException: Cannot send data to 192.168.10.74:12202
at biz.paluch.logging.gelf.intern.sender.GelfTCPSender.sendMessage(GelfTCPSender.java:126)
at biz.paluch.logging.gelf.log4j.GelfLogAppender.append(GelfLogAppender.java:92)
at org.apache.log4j.AppenderSkeleton.doAppend(AppenderSkeleton.java:251)
at org.apache.log4j.helpers.AppenderAttachableImpl.appendLoopOnAppenders(AppenderAttachableImpl.java:66)
at org.apache.log4j.Category.callAppenders(Category.java:206)
at org.apache.log4j.Category.forcedLog(Category.java:391)
at org.apache.log4j.Category.error(Category.java:322)
at logging.J2Graylog.main(J2Graylog.java:19)
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1336)
at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:519)
at sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1197)
at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1169)
at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469)
at biz.paluch.logging.gelf.intern.sender.GelfTCPSSLSender.doHandshake(GelfTCPSSLSender.java:200)
at biz.paluch.logging.gelf.intern.sender.GelfTCPSSLSender.connect(GelfTCPSSLSender.java:61)
at biz.paluch.logging.gelf.intern.sender.GelfTCPSender.sendMessage(GelfTCPSender.java:103)
... 7 more
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1703)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:281)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:273)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1446)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:209)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:901)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:841)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:839)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1273)
at biz.paluch.logging.gelf.intern.sender.GelfTCPSSLSender.doHandshake(GelfTCPSSLSender.java:240)
... 9 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:283)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:138)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1433)
... 16 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380)
... 22 more
log4j.properties:
log4j.appender.graylog2=biz.paluch.logging.gelf.log4j.GelfLogAppender
log4j.appender.graylog2.Host=ssl:myGraylogHost
log4j.appender.graylog2.Port=myPort
log4j.appender.graylog2.originHost=localhost
log4j.appender.graylog2.layout=org.apache.log4j.PatternLayout
log4j.appender.graylog2.layout.ConversionPattern=%d |%t|%c{1}| %-5p - %m%n
log4j.appender.graylog2.additionalFields={'environment': 'DEV', 'application': 'MyAPP'}
log4j.appender.graylog2.extractStackTrace=true
log4j.appender.graylog2.addExtendedInformation=true
log4j.appender.graylog2.Facility=gelf-java
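Can anyone tell me why it throws so many exceptions?
Answer
Check the following points:
- Which JRE installation is being used by the code that gives this exception? Go there and add the certificate for your URL.
- You are using the root certificate.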
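Answer
In addition to @jaydeep's post:
- Verify basic interoperability of the SSL setup. You can use a fairly simple tool, see https://gist.github.com/4ndrej/4547029.
- logstash-gelf provides some configuration options for SSL, see the TCP Sender SSL documentation.
- I noticed that you are using an IP address as the hostname. Make sure your certificate contains the IP address as the subject or Subject Alternative Name (IP SANs).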
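
The checks listed in the answers above can be run from the same JRE that the application uses. The following is an added example, not code from the posts or from logstash-gelf; the class name `TlsTrustCheck` is hypothetical. It reports which JRE and trust store are in effect, attempts the handshake with that JRE's unmodified default trust manager, and prints the subject, issuer and SAN entries of the chain the server presented.

```java
import javax.net.ssl.*;
import java.io.IOException;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.*;

// Added diagnostic example (hypothetical class). Usage: java TlsTrustCheck <host> <port>
public class TlsTrustCheck {
    public static void main(String[] args) throws Exception {
        if (args.length < 2) { System.err.println("usage: TlsTrustCheck <host> <port>"); return; }
        String host = args[0];
        int port = Integer.parseInt(args[1]);
        // Which JRE is running, and whether the trust store location was overridden.
        System.out.println("java.home  = " + System.getProperty("java.home"));
        System.out.println("trustStore = " + System.getProperty("javax.net.ssl.trustStore",
                "(JRE default: lib/security/jssecacerts or cacerts)"));
        // The JRE's default trust manager; validation is delegated to it unchanged.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        final X509TrustManager jreDefault = (X509TrustManager) tmf.getTrustManagers()[0];
        final List<X509Certificate> seen = new ArrayList<>();
        X509TrustManager recording = new X509TrustManager() {
            public void checkClientTrusted(X509Certificate[] c, String a) throws CertificateException {
                jreDefault.checkClientTrusted(c, a);
            }
            public void checkServerTrusted(X509Certificate[] c, String a) throws CertificateException {
                seen.addAll(Arrays.asList(c));        // record what the server sent
                jreDefault.checkServerTrusted(c, a);  // then validate exactly as usual
            }
            public X509Certificate[] getAcceptedIssuers() { return jreDefault.getAcceptedIssuers(); }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { recording }, null);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            s.startHandshake();
            System.out.println("Handshake OK: chain is trusted by this JRE");
        } catch (IOException e) {
            System.out.println("Connection or handshake failed: " + e.getMessage());
        }
        for (X509Certificate c : seen) {
            System.out.println("subject = " + c.getSubjectX500Principal());
            System.out.println("issuer  = " + c.getIssuerX500Principal());
            Collection<List<?>> sans = c.getSubjectAlternativeNames(); // null when the extension is absent
            if (sans != null) for (List<?> san : sans) {
                System.out.println("  SAN type " + san.get(0) + " = " + san.get(1)); // 2 = dNSName, 7 = iPAddress
            }
        }
    }
}
```

If the handshake fails with the same PKIX error, the printed issuer shows which certificate has to be present in the trust store of the JRE named by `java.home`; when connecting by IP address, look for a SAN entry of type 7 that matches it.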