I am trying to install the Sumo Logic Collector on a Windows host and the Collector is not registering and I am seeing the below errors in the collector.log
com.sumologic.scala.collector.auth.CollectorRegistrationManager - https://collectors.us2.sumologic.com resolves to addresses 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199
2018-03-09 12:14:07,687 +0300 [WrapperSimpleAppMain] WARN com.sumologic.scala.collector.auth.CollectorRegistrationManager - Unexpected when pinging sumo service, retrying in 60 seconds
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
This is typically due to a network issue caused by either no connectivity or SSL certificate issue. In many cases, these are related to a proxy or firewall configured between the Collector and the Sumo Logic service.
1. The following test can help determine the source of these messages.
From the server hosting the collector, run a cURL command (the executable can be downloaded for Windows from this link
curl --insecure -v https://collectors.us2.sumologic.com
If the above command does not return the following message "* SSL certificate verify ok." then review the output and take the necessary action at the firewall or proxy level.
2. If the above step shows SSL certificate verified OK, then the following steps could help. This could happen if there is an issue with the cacerts file, located within the Java JRE directory. Typically this file will be located in:
Linux default location: /opt/SumoCollector/jre/lib/security
Windows default location C:\Program Files\Sumo Logic Collector\jre\lib\security\cacerts
Note: The JRE directory can be found using the line below in the <collector_dir>/config/wrapper.conf file
wrapper.java.command = <some jre path>
Below are the tools to download and install the Sumo Logic certificate
1. Open IE on the proxy machine and enter the below endpoint link of the deployment which belongs to your org id, below one is for US2 deployment.
Then click on the Green lock in the address bar and then Details and export the certificate and give a name to the certificate file, say sumologic-2.cer
2. Then on CMD window on the affected server (steps for Linux are similar but slightly different using forward slashes for the path instead of backslashes as used in windows). Make sure you are running as an administrator user, find the JRE on this machine (which is mentioned in user.properties) and find the below path
# you should see the cacerts file in this directory
The keytool command is at below path
Navigate to ../jre/bin and run the below command
..\..\bin/keytool.exe -keystore cacerts -importcert -alias sumocert1 -file <path_to_file\sumologic-2.cer..>
Enter keystore password:
3. Type the password for the keystore at the “Password” prompt and press Enter. The default Java password for the cacerts file is “changeit”.
4. Type ‘y’ at the “Trust this certificate?” prompt and press Enter.
5. ..\..\bin\keytool -list -keystore cacerts -alias sumocert1
6. Once the above steps are done you need to stop and start the collector