You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Cortex fails to download analyzers/responders when https.proxy and trustStore java options are added.
Steps to Reproduce
Mouint cortex-application.conf to /etc/cortex/application.conf
Mount the truststore to /opt/cortex/lx-ca-bundle.jks
Deploy the cortex.yaml file below
Don't profit
Complementary information
The jks bundle contains default certs from /etc/ssl/certs/ca-certificates.crt as well as my own CA certs. I need the truststore in order for LDAPS auth to work. Separately, both settings work fine. When I try to use them together I get the following error. I though it might be the proxy doing ssl inspection and providing some other certs that's not present in the jks truststore, but that is not the case. In the log files it also seems the connection to TH's website went though fine.
Logs
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x4d9ad083] REGISTERED
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x625dc431] REGISTERED
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x625dc431] CONNECT: proxy.domain.sk/:8000
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x4d9ad083] CONNECT: proxy.domain.sk/:8000
[�[36mdebug�[0m] p.s.a.o.a.n.c.NettyConnectListener - Using new Channel '[id: 0x625dc431, L:/10.233.87.134:51580 - R:proxy.domain.sk/:8000]' for 'CONNECT' to 'download.thehive-project.org:443'
[�[36mdebug�[0m] p.s.a.o.a.n.c.NettyConnectListener - Using new Channel '[id: 0x4d9ad083, L:/10.233.87.134:51594 - R:proxy.domain.sk/:8000]' for 'CONNECT' to 'download.thehive-project.org:443'
[�[36mdebug�[0m] p.s.a.i.n.u.Recycler - -Dio.netty.recycler.maxCapacityPerThread: 4096
[�[36mdebug�[0m] p.s.a.i.n.u.Recycler - -Dio.netty.recycler.maxSharedCapacityFactor: 2
[�[36mdebug�[0m] p.s.a.i.n.u.Recycler - -Dio.netty.recycler.linkCapacity: 16
[�[36mdebug�[0m] p.s.a.i.n.u.Recycler - -Dio.netty.recycler.ratio: 8
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x625dc431, L:/10.233.87.134:51580 - R:proxy.domain.sk/:8000] WRITE: 123B
+-------------------------------------------------+
| 0 1 2 3 4 5 6 7 8 9 a b c d e f |
+--------+-------------------------------------------------+----------------+
|00000000| 43 4f 4e 4e 45 43 54 20 64 6f 77 6e 6c 6f 61 64 |CONNECT download|
|00000010| 2e 74 68 65 68 69 76 65 2d 70 72 6f 6a 65 63 74 |.thehive-project|
|00000020| 2e 6f 72 67 3a 34 34 33 20 48 54 54 50 2f 31 2e |.org:443 HTTP/1.|
|00000030| 31 0d 0a 68 6f 73 74 3a 20 64 6f 77 6e 6c 6f 61 |1..host: downloa|
|00000040| 64 2e 74 68 65 68 69 76 65 2d 70 72 6f 6a 65 63 |d.thehive-projec|
|00000050| 74 2e 6f 72 67 0d 0a 61 63 63 65 70 74 3a 20 2a |t.org..accept: *|
|00000060| 2f 2a 0d 0a 75 73 65 72 2d 61 67 65 6e 74 3a 20 |/*..user-agent: |
|00000070| 41 48 43 2f 32 2e 31 0d 0a 0d 0a |AHC/2.1.... |
+--------+-------------------------------------------------+----------------+
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x4d9ad083, L:/10.233.87.134:51594 - R:proxy.domain.sk/:8000] WRITE: 123B
+-------------------------------------------------+
| 0 1 2 3 4 5 6 7 8 9 a b c d e f |
+--------+-------------------------------------------------+----------------+
|00000000| 43 4f 4e 4e 45 43 54 20 64 6f 77 6e 6c 6f 61 64 |CONNECT download|
|00000010| 2e 74 68 65 68 69 76 65 2d 70 72 6f 6a 65 63 74 |.thehive-project|
|00000020| 2e 6f 72 67 3a 34 34 33 20 48 54 54 50 2f 31 2e |.org:443 HTTP/1.|
|00000030| 31 0d 0a 68 6f 73 74 3a 20 64 6f 77 6e 6c 6f 61 |1..host: downloa|
|00000040| 64 2e 74 68 65 68 69 76 65 2d 70 72 6f 6a 65 63 |d.thehive-projec|
|00000050| 74 2e 6f 72 67 0d 0a 61 63 63 65 70 74 3a 20 2a |t.org..accept: *|
|00000060| 2f 2a 0d 0a 75 73 65 72 2d 61 67 65 6e 74 3a 20 |/*..user-agent: |
|00000070| 41 48 43 2f 32 2e 31 0d 0a 0d 0a |AHC/2.1.... |
+--------+-------------------------------------------------+----------------+
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x4d9ad083, L:/10.233.87.134:51594 - R:proxy.domain.sk/:8000] FLUSH
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x625dc431, L:/10.233.87.134:51580 - R:proxy.domain.sk/:8000] FLUSH
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x4d9ad083, L:/10.233.87.134:51594 - R:proxy.domain.sk/:8000] ACTIVE
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x625dc431, L:/10.233.87.134:51580 - R:proxy.domain.sk/:8000] ACTIVE
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x4d9ad083, L:/10.233.87.134:51594 - R:proxy.domain.sk/:8000] READ: 39B
+-------------------------------------------------+
| 0 1 2 3 4 5 6 7 8 9 a b c d e f |
+--------+-------------------------------------------------+----------------+
|00000000| 48 54 54 50 2f 31 2e 30 20 32 30 30 20 43 6f 6e |HTTP/1.0 200 Con|
|00000010| 6e 65 63 74 69 6f 6e 20 65 73 74 61 62 6c 69 73 |nection establis|
|00000020| 68 65 64 0d 0a 0d 0a |hed.... |
+--------+-------------------------------------------------+----------------+
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x625dc431, L:/10.233.87.134:51580 - R:proxy.domain.sk/:8000] READ: 39B
+-------------------------------------------------+
| 0 1 2 3 4 5 6 7 8 9 a b c d e f |
+--------+-------------------------------------------------+----------------+
|00000000| 48 54 54 50 2f 31 2e 30 20 32 30 30 20 43 6f 6e |HTTP/1.0 200 Con|
|00000010| 6e 65 63 74 69 6f 6e 20 65 73 74 61 62 6c 69 73 |nection establis|
|00000020| 68 65 64 0d 0a 0d 0a |hed.... |
+--------+-------------------------------------------------+----------------+
[�[36mdebug�[0m] p.s.a.o.a.n.h.HttpHandler -
Request DefaultFullHttpRequest(decodeResult: success, version: HTTP/1.1, content: EmptyByteBufBE)
CONNECT download.thehive-project.org:443 HTTP/1.1
host: download.thehive-project.org
accept: */*
user-agent: AHC/2.1
Response DefaultHttpResponse(decodeResult: success, version: HTTP/1.0)
HTTP/1.0 200 Connection established
[�[36mdebug�[0m] p.s.a.o.a.n.h.HttpHandler -
Request DefaultFullHttpRequest(decodeResult: success, version: HTTP/1.1, content: EmptyByteBufBE)
CONNECT download.thehive-project.org:443 HTTP/1.1
host: download.thehive-project.org
accept: */*
user-agent: AHC/2.1
Response DefaultHttpResponse(decodeResult: success, version: HTTP/1.0)
HTTP/1.0 200 Connection established
[�[36mdebug�[0m] p.s.a.o.a.n.h.i.ConnectSuccessInterceptor - Connecting to proxy play.shaded.ahc.org.asynchttpclient.proxy.ProxyServer@6453ba5b for scheme https
[�[36mdebug�[0m] p.s.a.o.a.n.h.i.ConnectSuccessInterceptor - Connecting to proxy play.shaded.ahc.org.asynchttpclient.proxy.ProxyServer@5afe2770 for scheme https
[�[36mdebug�[0m] o.j.hk2.logger - Shutdown ServiceLocator ServiceLocatorImpl(jersey-common-rd-locator,0,1518037877)
[�[36mdebug�[0m] o.j.hk2.logger - ServiceLocator ServiceLocatorImpl(jersey-common-rd-locator,0,1518037877) has been shutdown
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x625dc431, L:/10.233.87.134:51580 - R:proxy.domain.sk/:8000] WRITE: 304B
+-------------------------------------------------+
| 0 1 2 3 4 5 6 7 8 9 a b c d e f |
+--------+-------------------------------------------------+----------------+
|00000000| 16 03 03 01 2b 01 00 01 27 03 03 04 fd 52 19 72 |....+...'....R.r|
|00000010| d7 f8 a3 14 0d c5 2e d3 11 ad ac 93 5a fd fe 07 |............Z...|
...
|00000110| 01 06 01 04 02 03 03 03 01 03 02 02 03 02 01 02 |................|
|00000120| 02 00 17 00 00 00 2b 00 07 06 03 03 03 02 03 01 |......+.........|
+--------+-------------------------------------------------+----------------+
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x625dc431, L:/10.233.87.134:51580 - R:proxy.domain.sk/:8000] FLUSH
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x4d9ad083, L:/10.233.87.134:51594 - R:proxy.domain.sk/:8000] WRITE: 304B
+-------------------------------------------------+
| 0 1 2 3 4 5 6 7 8 9 a b c d e f |
+--------+-------------------------------------------------+----------------+
|00000000| 16 03 03 01 2b 01 00 01 27 03 03 e5 26 cb 0d b9 |....+...'...&...|
|00000010| 0c 5e 61 f8 7d 58 d6 b3 31 3d 01 22 0e 60 f2 72 |.^a.}X..1=.".`.r|
...
|00000110| 01 06 01 04 02 03 03 03 01 03 02 02 03 02 01 02 |................|
|00000120| 02 00 17 00 00 00 2b 00 07 06 03 03 03 02 03 01 |......+.........|
+--------+-------------------------------------------------+----------------+
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x4d9ad083, L:/10.233.87.134:51594 - R:proxy.domain.sk/:8000] FLUSH
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x4d9ad083, L:/10.233.87.134:51594 - R:proxy.domain.sk/:8000] READ COMPLETE
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x625dc431, L:/10.233.87.134:51580 - R:proxy.domain.sk/:8000] READ COMPLETE
[�[36mdebug�[0m] o.j.hk2.logger - Created ServiceLocator ServiceLocatorImpl(__HK2_Generated_0,1,1770496307)
[�[34mtrace�[0m] o.g.j.i.ServiceFinder - Loading next class: org.glassfish.jersey.jackson.internal.JacksonAutoDiscoverable
[�[37minfo�[0m] o.g.j.p.i.ExecutorProviders - Selected ExecutorServiceProvider implementation [org.glassfish.jersey.client.DefaultClientAsyncExecutorProvider] to be used for injection of executor qualified by [org.glassfish.jersey.client.ClientAsyncExecutor] annotation.
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x625dc431, L:/10.233.87.134:51580 - R:proxy.domain.sk/:8000] READ: 1024B
+-------------------------------------------------+
| 0 1 2 3 4 5 6 7 8 9 a b c d e f |
+--------+-------------------------------------------------+----------------+
|00000000| 16 03 03 00 61 02 00 00 5d 03 03 cd 60 9e 7e 1c |....a...]...`.~.|
|00000010| df 44 c6 b7 5a d1 82 4b 2e 41 60 79 8d 7b 1b f9 |.D..Z..K.A`y.{..|
...
|000003e0| 60 6a 49 e6 4b 2c 4b 31 ed 48 c3 93 ad 38 10 61 |`jI.K,K1.H...8.a|
|000003f0| 5b 00 76 00 e8 3e d0 da 3e f5 06 35 32 e7 57 28 |[.v..>..>..52.W(|
+--------+-------------------------------------------------+----------------+
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x4d9ad083, L:/10.233.87.134:51594 - R:proxy.domain.sk/:8000] READ: 1024B
+-------------------------------------------------+
| 0 1 2 3 4 5 6 7 8 9 a b c d e f |
+--------+-------------------------------------------------+----------------+
|00000000| 16 03 03 00 61 02 00 00 5d 03 03 d9 95 c6 9c 35 |....a...]......5|
|00000010| 60 53 25 36 b0 4c 3d b8 4c 77 22 4f 58 7e a4 e7 |`S%6.L=.Lw"OX~..|
...
|000003e0| 60 6a 49 e6 4b 2c 4b 31 ed 48 c3 93 ad 38 10 61 |`jI.K,K1.H...8.a|
|000003f0| 5b 00 76 00 e8 3e d0 da 3e f5 06 35 32 e7 57 28 |[.v..>..>..52.W(|
+--------+-------------------------------------------------+----------------+
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x4d9ad083, L:/10.233.87.134:51594 - R:proxy.domain.sk/:8000] READ COMPLETE
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x4d9ad083, L:/10.233.87.134:51594 - R:proxy.domain.sk/:8000] READ: 3420B
+-------------------------------------------------+
| 0 1 2 3 4 5 6 7 8 9 a b c d e f |
+--------+-------------------------------------------------+----------------+
|00000000| bc 89 6b c9 03 d3 cb d1 11 6b ec eb 69 e1 77 7d |..k......k..i.w}|
|00000010| 6d 06 bd 6e 00 00 01 89 b1 27 1a 4c 00 00 04 03 |m..n.....'.L....|
...
|00000d40| ad 78 56 b8 18 b2 25 c4 07 57 e0 1a f3 9a 1d 03 |.xV...%..W......|
|00000d50| e9 cc 70 16 03 03 00 04 0e 00 00 00 |..p......... |
+--------+-------------------------------------------------+----------------+
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x625dc431, L:/10.233.87.134:51580 - R:proxy.domain.sk/:8000] READ COMPLETE
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x625dc431, L:/10.233.87.134:51580 - R:proxy.domain.sk/:8000] READ: 3420B
+-------------------------------------------------+
| 0 1 2 3 4 5 6 7 8 9 a b c d e f |
+--------+-------------------------------------------------+----------------+
|00000000| bc 89 6b c9 03 d3 cb d1 11 6b ec eb 69 e1 77 7d |..k......k..i.w}|
|00000010| 6d 06 bd 6e 00 00 01 89 b1 27 1a 4c 00 00 04 03 |m..n.....'.L....|
....
|00000d40| e0 56 b1 96 50 66 13 69 d1 4a 5c 42 f2 38 70 92 |.V..Pf.i.J\B.8p.|
|00000d50| 58 b1 f1 16 03 03 00 04 0e 00 00 00 |X........... |
+--------+-------------------------------------------------+----------------+
[�[33mwarn�[0m] o.t.c.s.WorkerSrv - Worker path (https://download.thehive-project.org/analyzers.json) is not found
[�[33mwarn�[0m] o.t.c.s.WorkerSrv - Worker path (https://download.thehive-project.org/responders.json) is not found
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x4d9ad083, L:/10.233.87.134:51594 - R:proxy.domain.sk/:8000] WRITE: 7B
+-------------------------------------------------+
| 0 1 2 3 4 5 6 7 8 9 a b c d e f |
+--------+-------------------------------------------------+----------------+
|00000000| 15 03 03 00 02 02 2e |....... |
+--------+-------------------------------------------------+----------------+
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x4d9ad083, L:/10.233.87.134:51594 - R:proxy.domain.sk/:8000] FLUSH
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x4d9ad083, L:/10.233.87.134:51594 - R:proxy.domain.sk/:8000] FLUSH
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x4d9ad083, L:/10.233.87.134:51594 - R:proxy.domain.sk/:8000] CLOSE
[�[37minfo�[0m] o.t.c.s.WorkerSrv - New worker list:
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x625dc431, L:/10.233.87.134:51580 - R:proxy.domain.sk/:8000] WRITE: 7B
+-------------------------------------------------+
| 0 1 2 3 4 5 6 7 8 9 a b c d e f |
+--------+-------------------------------------------------+----------------+
|00000000| 15 03 03 00 02 02 2e |....... |
+--------+-------------------------------------------------+----------------+
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x625dc431, L:/10.233.87.134:51580 - R:proxy.domain.sk/:8000] FLUSH
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x625dc431, L:/10.233.87.134:51580 - R:proxy.domain.sk/:8000] FLUSH
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x625dc431, L:/10.233.87.134:51580 - R:proxy.domain.sk/:8000] CLOSE
[�[36mdebug�[0m] p.s.a.o.a.n.h.HttpHandler - Unexpected I/O exception on channel [id: 0x4d9ad083, L:/10.233.87.134:51594 ! R:proxy.domain.sk/:8000]
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:451)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:323)
at sun.security.validator.Validator.validate(Validator.java:271)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:315)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:278)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:141)
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:632)
[�[36mdebug�[0m] p.s.a.o.a.n.h.HttpHandler - Unexpected I/O exception on channel [id: 0x625dc431, L:/10.233.87.134:51580 ! R:proxy.domain.sk/:8000]
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:451)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:323)
at sun.security.validator.Validator.validate(Validator.java:271)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:315)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:278)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:141)
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:632)
[�[36mdebug�[0m] p.s.a.o.a.n.h.HttpHandler - Was unable to recover Future: NettyResponseFuture{currentRetry=0,
isDone=1,
isCancelled=0,
asyncHandler=play.api.libs.ws.ahc.StandaloneAhcWSClient$$anon$1@35e86a5f,
nettyRequest=play.shaded.ahc.org.asynchttpclient.netty.request.NettyRequest@3a5b3a89,
future=java.util.concurrent.CompletableFuture@65681fa6[Completed exceptionally],
uri=https://download.thehive-project.org/responders.json,
keepAlive=false,
redirectCount=0,
timeoutsHolder=null,
inAuth=0,
touch=1695712997992}
[�[36mdebug�[0m] p.s.a.o.a.n.h.HttpHandler - Was unable to recover Future: NettyResponseFuture{currentRetry=0,
isDone=1,
isCancelled=0,
asyncHandler=play.api.libs.ws.ahc.StandaloneAhcWSClient$$anon$1@2f77a458,
nettyRequest=play.shaded.ahc.org.asynchttpclient.netty.request.NettyRequest@12c25445,
future=java.util.concurrent.CompletableFuture@17f37b89[Completed exceptionally],
uri=https://download.thehive-project.org/analyzers.json,
keepAlive=false,
redirectCount=0,
timeoutsHolder=null,
inAuth=0,
touch=1695712997992}
[�[36mdebug�[0m] p.s.a.o.a.n.c.ChannelManager - Closing Channel [id: 0x4d9ad083, L:/10.233.87.134:51594 ! R:proxy.domain.sk/:8000]
[�[36mdebug�[0m] p.s.a.o.a.n.c.ChannelManager - Closing Channel [id: 0x625dc431, L:/10.233.87.134:51580 ! R:proxy.domain.sk/:8000]
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x4d9ad083, L:/10.233.87.134:51594 ! R:proxy.domain.sk/:8000] READ COMPLETE
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x625dc431, L:/10.233.87.134:51580 ! R:proxy.domain.sk/:8000] READ COMPLETE
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x625dc431, L:/10.233.87.134:51580 ! R:proxy.domain.sk/:8000] INACTIVE
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x4d9ad083, L:/10.233.87.134:51594 ! R:proxy.domain.sk/:8000] INACTIVE
[�[36mdebug�[0m] p.s.a.o.a.n.h.HttpHandler - Channel Closed: [id: 0x625dc431, L:/10.233.87.134:51580 ! R:proxy.domain.sk/:8000] with attribute DISCARD
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x625dc431, L:/10.233.87.134:51580 ! R:proxy.domain.sk/:8000] UNREGISTERED
[�[36mdebug�[0m] p.s.a.o.a.n.h.HttpHandler - Channel Closed: [id: 0x4d9ad083, L:/10.233.87.134:51594 ! R:proxy.domain.sk/:8000] with attribute DISCARD
[�[34mtrace�[0m] p.s.a.i.n.h.l.LoggingHandler - [id: 0x4d9ad083, L:/10.233.87.134:51594 ! R:proxy.domain.sk/:8000] UNREGISTERED
Request Type
Bug
Work Environment
Problem Description
Cortex fails to download analyzers/responders when https.proxy and trustStore java options are added.
Steps to Reproduce
cortex-application.conf
to /etc/cortex/application.confcortex.yaml
file belowComplementary information
The jks bundle contains default certs from /etc/ssl/certs/ca-certificates.crt as well as my own CA certs. I need the truststore in order for LDAPS auth to work. Separately, both settings work fine. When I try to use them together I get the following error. I though it might be the proxy doing ssl inspection and providing some other certs that's not present in the jks truststore, but that is not the case. In the log files it also seems the connection to TH's website went though fine.
Logs
cortex-application.conf
cortex.yaml manifest
The text was updated successfully, but these errors were encountered: