APIGW 10.15 ElasticSearch is not Working

abatays · August 19, 2024, 1:11pm

Product/components used and version/fix level:

APIGW 10.15

Detailed explanation of the problem:

the issue is when i am trying to start the elasticsearch i am getting this error so i cannot start the Integration Server.

Error messages / full error message screenshot / log file:

[2024-08-19T09:42:16,438][ERROR][o.e.i.g.GeoIpDownloader ] [-.**.LOCAL1719832830050] exception during geoip databases update
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Question related to a free trial, or to a production (customer) instance?

its Local machine Development Environment.

Holger_von_Thomsen · August 20, 2024, 12:44pm

Hi,

looks to me as the JVM used to run the ElasticSearch Service is not aware of the root or intermediate CA certificates provided by the GeoIPDownloader Server.
Therefore the validation of the Server certificate fails.

Regards,
Holger

abatays · August 26, 2024, 11:42am

Thanks @Holger_von_Thomsen

so what is the cause of this issue and do you know how can i solve it.

Thanks again!

Holger_von_Thomsen · August 26, 2024, 3:50pm

Hi,

search for the default cacerts file in your configured jvm installation as well as any truststore files in your ElasticSearch installation-
Check how the truststore file are configured in your elasticsearch configuration.
Try to find out which server the GeoIPDownloader tries to connect to and try this invocation from a browser manually to retrieve the certificate presented by this server.
After that try to find out in which truststore (cacerts or elastic search truststores) the ca certificates are stored and if not, add them to the elastic search truststores. Stop and restart the elastic search service after doing so.