I am trying to install the sumologic collector on windows machine and collector is not registering and I am getting below error.
com.sumologic.scala.collector.auth.CollectorRegistrationManager - https://collectors.us2.sumologic.com resolves to addresses 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11
2018-03-09 12:14:07,687 +0300 [WrapperSimpleAppMain] WARN com.sumologic.scala.collector.auth.CollectorRegistrationManager - Unexpected when pinging sumo service, retrying in 60 seconds
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
This is typically due to a network type of issue - either connectivity or SSL certificate issue related to proxy or firewall.
1. The following test helps determine the cause of the issue.
From the server hosting the collector, run a cURL command (the executable can be downloaded for Windows from this link
curl --insecure -v https://collectors.us2.sumologic.com
If the above command does not return the following message "* SSL certificate verify ok." then review the output and take the necessary action at the firewall or proxy level.
2. If the above step shows SSL certificate verified OK, then the following steps could help. This could happen if there is an issue with the cacerts file usually located at
Linux default location: /opt/SumoCollector/jre/lib/security
windows default location C:\Program Files\Sumo Logic Collector\jre\lib\security\cacerts
Note that the jre directory would be available from line below in the <collector_dir>/config/wrapper.conf file
wrapper.java.command = <some jre path>
Below are the tools to download and install Sumo Logic certificate
1. Open IE on proxy machine and enter the below endpoint link of the deployment which belongs to your org id, below one is for US2 deployment.
Then click on the Green lock in the address bar and then Details and export the certificate and give a name to the certificate file, say sumologic-2.cer
2. Then on CMD window on affected server (steps for linux are similar but slightly different using forward slashes for the path instead of back slashes as used in windows). Make sure you are running as administrator user, find the jre on this machine (which is mentioned in user.properties) and find the below path
# you should see the cacerts file in this directory
The keytool command is at below path
Navigate to ../jre/bin and run the below command
..\..\bin/keytool.exe -keystore cacerts -importcert -alias sumocert1 -file <path_to_file\sumologic-2.cer..>
Enter keystore password:
5.) Type the password for the keystore at the “Password” prompt and press Enter. The default Java password for the cacerts file is “changeit”.
6.) Type ‘y’ at the “Trust this certificate?” prompt and press Enter.
7) ..\..\bin\keytool -list -keystore cacerts -alias sumocert1
8). Once above steps are done you need to stop and start the collector