Hello
In Opensearch 2.17 I have a problem with creating a webhook channel. In case of using HTTPS (example httpS://alert.domain.com/wh.php)
I get an error:
[status_exception] {"event_status_list": [{"config_id":"XdjKR5MB69D4v3TSNEjk","config_type":"webhook","config_name":"test","email_recipient_status":[],"delivery_status":{"status_code":"500","status_text":"Failed to send webhook message PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"}}]}
However, if on Opensearch nodes I use a curl with the CA certificate specified from the config, then everything works without errors.
[root@elk-master]# curl -vv --cacert /etc/opensearch/CA.cer https://alert.domain.com/wh.php
...
< HTTP/2 200
...
In config:
[root@elk-master]# cat /etc/opensearch/opensearch.yml | grep ssl.http
plugins.security.ssl.http.enabled: true
plugins.security.ssl.http.pemcert_filepath: node.cer
plugins.security.ssl.http.pemkey_filepath: node.key
plugins.security.ssl.http.pemtrustedcas_filepath: CA.cer
If I use the HTTP protocol, then the alerts work fine.
Please tell me what certificates Notification uses and is it possible to change them somehow?