我想通過ssl將我的錯誤日誌發送到我的Graylog2服務器。不幸的是，我總是得到例外。我已經在Java的cacerts中安裝了我的ssl/tls證書。此外，我的Graylog-Server上還存在證書。Java：Gelf-Logstash - >「ssl：hostname」時的例外情況

例外：

log4j:ERROR General SSLEngine problem 
java.io.IOException: Cannot send data to 192.168.10.74:12202 
    at biz.paluch.logging.gelf.intern.sender.GelfTCPSender.sendMessage(GelfTCPSender.java:126) 
    at biz.paluch.logging.gelf.log4j.GelfLogAppender.append(GelfLogAppender.java:92) 
    at org.apache.log4j.AppenderSkeleton.doAppend(AppenderSkeleton.java:251) 
    at org.apache.log4j.helpers.AppenderAttachableImpl.appendLoopOnAppenders(AppenderAttachableImpl.java:66) 
    at org.apache.log4j.Category.callAppenders(Category.java:206) 
    at org.apache.log4j.Category.forcedLog(Category.java:391) 
    at org.apache.log4j.Category.error(Category.java:322) 
    at logging.J2Graylog.main(J2Graylog.java:19) 
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem 
    at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1336) 
    at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:519) 
    at sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1197) 
    at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1169) 
    at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469) 
    at biz.paluch.logging.gelf.intern.sender.GelfTCPSSLSender.doHandshake(GelfTCPSSLSender.java:200) 
    at biz.paluch.logging.gelf.intern.sender.GelfTCPSSLSender.connect(GelfTCPSSLSender.java:61) 
    at biz.paluch.logging.gelf.intern.sender.GelfTCPSender.sendMessage(GelfTCPSender.java:103) 
    ... 7 more 
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem 
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) 
    at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1703) 
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:281) 
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:273) 
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1446) 
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:209) 
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:901) 
    at sun.security.ssl.Handshaker$1.run(Handshaker.java:841) 
    at sun.security.ssl.Handshaker$1.run(Handshaker.java:839) 
    at java.security.AccessController.doPrivileged(Native Method) 
    at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1273) 
    at biz.paluch.logging.gelf.intern.sender.GelfTCPSSLSender.doHandshake(GelfTCPSSLSender.java:240) 
    ... 9 more 
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385) 
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) 
    at sun.security.validator.Validator.validate(Validator.java:260) 
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326) 
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:283) 
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:138) 
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1433) 
    ... 16 more 
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target 
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:196) 
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268) 
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:380) 
    ... 22 more

log4j.properties：

log4j.appender.graylog2=biz.paluch.logging.gelf.log4j.GelfLogAppender 
log4j.appender.graylog2.Host=ssl:myGraylogHost 
log4j.appender.graylog2.Port=myPort 
log4j.appender.graylog2.originHost=localhost 
log4j.appender.graylog2.layout=org.apache.log4j.PatternLayout 
log4j.appender.graylog2.layout.ConversionPattern=%d |%t|%c{1}| %-5p - %m%n 
log4j.appender.graylog2.additionalFields={'environment': 'DEV', 'application': 'MyAPP'} 
log4j.appender.graylog2.extractStackTrace=true 
log4j.appender.graylog2.addExtendedInformation=true 
log4j.appender.graylog2.Facility=gelf-java

誰能告訴我，爲什麼它會引發如此多的異常？

來源

2016-11-21 Rene

檢查以下幾點

這是給這個例外正在使用的JRE installation.go那裏，把證書您的網址的代碼。
您正在使用根證書。

來源

2016-11-21 15:32:22 positivecrux

除了@ jaydeep的帖子：

驗證SSL設置的基本的互操作性。您可以使用一個相當簡單的工具，請參見https://gist.github.com/4ndrej/4547029。
logstash-gelf提供了一些關於SSL的配置選項，請參閱TCP Sender SSL documentation。
我注意到你正在使用IP地址作爲主機名。確保您的證書包含IP地址作爲主題或Subject Alternative Name (IP SANs)。

來源

2016-12-08 10:19:50 mp911de

Java：Gelf-Logstash - >「ssl：hostname」時的例外情況

例外：

log4j.properties：

回答

相關問題