tunbb opened a new issue, #10056: URL: https://github.com/apache/skywalking/issues/10056
### Search before asking - [X] I had searched in the [issues](https://github.com/apache/skywalking/issues?q=is%3Aissue) and found no similar issues. ### Apache SkyWalking Component Helm Chart (apache/skywalking-kubernetes) ### What happened I've using es storage with https, but I am stuck in certification although .jks have already insert in the es-init pod and the oap pod. How can I solve the problem? error: length-B,duratio-0ns,totalDurat0n=249ms (249630923ns), cause=com.linecorp.armeriaclient,UnprocessedRequestException: javax.netSSLHandshakeException: General OpenSslEngineproblem. headers=l:status=071com.linecorp.armeria.client.UnprocessedRequestException: javax.net.ssl.SSLHandshakeExceptioieneral OpenSslEngine problerjar:?]at com,linecorp.armeria.client.UnprocessedRequestException.of(UnprocessedRequestExcetlon java:o) larmerla-1.1o..at com,linecorp.armeria.client.HttpChannelpool .notifyConnect(HttpChannelpool.java:550) [armeria-1.16.8.jar:?)at com,linecorp.armeria.client.HttpChannelpool.lambdasconnect$4(HttpChannelPooljava:378) armeria-1.16.0.jar:?)at io.netty.util.concurrent.DefaultPromise.notifylistener DefaultPromise,java:578) netty-common-4.1.77.Final, jar:4.1.77.Finat io.nettyutil.concurentDefaultPromisenotifylistenersNow(DefaultPromise.java:552) Inetty-comon-4.1.77.Final,jar:4.1.77al]eners(Defaultromise.java:491) [netty-common-4.1.77.Finaliar:4.1.77.Finat io.netty.util.conc urrent.DefaultPromise.setValue0(DefaultPromise.java:616) Inetty-common-4.1.77.Final,jar:4.1.77.Finalat io.netty,utilconcurrentDefaultPromise. setFailuree(DefaultPromise ava:609) netty-Common-4.1.77.Final.jar:4.1.77.Finalat ionetty.util.concurrent.DefaultPromise.tryFailure(DefaultPromise.java:117) [netty-common-4.1.77.Final.jar:4.1.77.Final)at com.linecoro.armeriaclient,HttoSessionHandler.channelnactive(HttosessionHandler java:426) /armeria-1.16.0.jar.?at ionetty.channel.AbstractChannelHandlerContext.invokeChanelinactive(AbstractchannelHandlerContext java:262) Inetty-transoat io.netty,chamnel,AbstractChamnelHandlerontext invokechannelinactive(AbstractChannelHandlerontext. java:248) netty-transoi at io.netty.util.concurrent .Defaultpromise-4.1.77.Final.jar:4.1.77.Final] notfws+ -4.1.77.Final.jar:4.1.77.Final] Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathbuilderExcept ion: unable to find valid certification path to requested targetat sun.security.validator.PKIXValidator.doBuild(Unknown Source) ~[?:?]at sun.security.validator.PKIXValidator.engineValidate(Unknown Source) ~[?:?]at sun.security.validator.Validator.validate(Unknown Source) ~[?:?]at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source) ~[?:?]oat sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source) ~[?:?]at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source) ~[?:?]at io.netty.handler. ssl.Referencelounted0penss1ClientContext$ExtendedtrustManagerVerifycallbackverify(Reference(ountedopenSsllientContext.java:234) [netty-handler-4.1.77.Final.jar:4.1.77.Final]at ionetty.handler.ssl.ReferenceountedopenSslContext$AbstractCertificateVerifier.verify(Referencelounted0penSslContext.java:773) ~[netty-handler-4.1.77.Final.jar:4.1.77.Final]at ionetty.intemnal.tcnativeCertificateverifierTaskruntask(CertificateverifierTask.java:3) netty-tcnative-clases-2.0 .52.inal.jar:2.0.52.Final] ### What you expected to happen es-int job is successully completed and oap pod is running ### How to reproduce elasticsearch: enabled: false config: # For users of an existing elasticsearch cluster,takes effect when `elasticsearch.enabled` is false host: xx-es.xx.svc port: http: 9200 user: "xx" # [optional] password: "xx" volumeMounts: {{- if eq .Values.oap.env.SW_STORAGE_ES_HTTP_PROTOCOL "https" }} - name: skywalking-es-ca mountPath: /skywalking/es/config/truststore.jks subPath: truststore.jks {{- end }} oap: env: SW_STORAGE_ES_HTTP_PROTOCOL: https # more env, please refer to https://hub.docker.com/r/apache/skywalking-oap-server # or https://github.com/apache/skywalking-docker/blob/master/6/6.4/oap/README.md#sw_telemetry SW_SW_STORAGE_ES_SSL_JKS_PATH: "/skywalking/es/config/truststore.jks" SW_SW_STORAGE_ES_SSL_JKS_PASS: "xxx" ### Anything else _No response_ ### Are you willing to submit PR? - [ ] Yes I am willing to submit a PR! ### Code of Conduct - [X] I agree to follow this project's [Code of Conduct](https://www.apache.org/foundation/policies/conduct) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
