SSL Certificates issue: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException

[jrobins04]

I am looking for guidance around SSL certificates for talking to Splunk for an app (data input) implemented using your Java SDK. We have an app currently available in splunkbase: https://classic.splunkbase.splunk.com/app/4310/ implemented using the splunk-sdk-java.

When users of our app tries to validateInput or streamEvents, they see the error PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target.
Looks like this happens because the certificate presented by their local splunk instance cannot be validated by the splunk-sdk-java code as it in not present in their local trust store.

The present workaround we suggest to our customers, is to manually export this cert and import it into their local java cacerts store. This is not always practical, as the location of truststore can vary for each customer and also in case of splunk cloud, customer would need to contact splunk support to make this change as they don't have access to the actual machines.

I see there are multiple open similar issues: #209, #204, #185

Also, we do not want the setValidateCertificates set to false -> https://docs.splunk.com/DocumentationStatic/JavaSDK/1.9.4/com/splunk/HttpService.html#validateCertificates
For PROD environment, TRUE is strongly recommended, whereas working in localhost OR development environment, FALSE is used.

Do you have any workarounds or possible solution for this issue? Any help would be appreciated.

[ashah-splunk]

Hi @jrobins04 sorry for the delay in the response. We are working on a feature to enable passing and validation of SSL certificate. Once we have the feature fully developed and merged, will publish a new SDK release with the feature. Will keep you updated for the same.

[ihor-sokoliuk-exa]

@jrobins04 Check this: #209 (comment)