Hi @dadasami, the way you have configured the collector, you are forcing the connection to be upgraded to TLS without having a valid TLS connection.
If you want to terminate TLS at the load balancer you should update your config like so:
# optional SSL/TLS configuration
ssl {
  enable = false
  # whether to redirect HTTP to HTTPS
  redirect = false
  port = 9543
}
If you do want to use the TLS port on the Collector you need to configure a local SSL certificate and private key for the collector to use - to generate a self-signed cert in bash you would do something like this:
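ssl_dir=/opt/snowplow/ssl
sudo mkdir -p "${ssl_dir}"
# Self-signed certificate and unencrypted (-nodes) private key, valid for 10 years
sudo openssl req \
  -x509 \
  -newkey rsa:4096 \
  -keyout "${ssl_dir}/collector_key.pem" \
  -out "${ssl_dir}/collector_cert.pem" \
  -days 3650 \
  -nodes \
  -subj "/C=UK/O=Acme/OU=DevOps/CN=*.acme.com"
# Bundle key and certificate into a PKCS12 store with an empty password
sudo openssl pkcs12 \
  -export \
  -out "${ssl_dir}/collector.p12" \
  -inkey "${ssl_dir}/collector_key.pem" \
  -in "${ssl_dir}/collector_cert.pem" \
  -passout pass:
# 644 makes the store readable by every local user; its password is empty
sudo chmod 644 "${ssl_dir}/collector.p12"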
You then configure the path to the “p12” file in your config:
ssl-config {
  debug = {
    ssl = true
  }
  keyManager = {
    stores = [
      {type = "PKCS12", classpath = false, path = "/snowplow/ssl/collector.p12", password = "" }
    ]
  }
  loose {
    disableHostnameVerification = true
  }
}
Note: If you are using a verified certificate you should not disable hostname verification.
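
A pre-flight check for the key store described in this post, as an added example that is not part of the original post or of Snowplow's code: it confirms the `.p12` opens with the configured password, holds a private key, and carries an unexpired certificate that matches the hostname clients will use (which matters once hostname verification is left on). The names `check_p12` and `make_demo_store` and the host `collector.acme.com` are assumptions; the demo store is constructed, with a 2048-bit key and a 1-day lifetime to keep it fast.

```shell
#!/usr/bin/env bash
# Added example; function names are hypothetical, not part of Snowplow or OpenSSL.

# check_p12 FILE PASSWORD HOSTNAME
# Returns 0 only if the store opens with PASSWORD, holds a private key, and its
# certificate is unexpired and matches HOSTNAME. Distinct non-zero codes otherwise.
check_p12() {
  local p12="$1" pass="$2" host="$3" cert
  cert=$(openssl pkcs12 -in "$p12" -passin "pass:${pass}" -nokeys -clcerts 2>/dev/null) \
    || { echo "FAIL: cannot open $p12 with this password" >&2; return 1; }
  openssl pkcs12 -in "$p12" -passin "pass:${pass}" -nocerts -nodes 2>/dev/null \
    | grep -q 'PRIVATE KEY' \
    || { echo "FAIL: no private key in $p12" >&2; return 2; }
  printf '%s\n' "$cert" | openssl x509 -noout -checkend 0 >/dev/null 2>&1 \
    || { echo "FAIL: certificate has expired" >&2; return 3; }
  printf '%s\n' "$cert" | openssl x509 -noout -checkhost "$host" 2>&1 \
    | grep -q 'does match certificate' \
    || { echo "FAIL: certificate does not cover $host" >&2; return 4; }
  # With an empty store password, file permissions are all that protects the key.
  [ -z "$(find "$p12" -perm -004)" ] || echo "WARN: $p12 is world-readable" >&2
  printf '%s\n' "$cert" | openssl x509 -noout -subject -enddate
}

# make_demo_store DIR: constructed throwaway store using the subject from the post.
make_demo_store() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -keyout "$1/collector_key.pem" -out "$1/collector_cert.pem" \
    -subj "/C=UK/O=Acme/OU=DevOps/CN=*.acme.com" 2>/dev/null &&
  openssl pkcs12 -export -out "$1/collector.p12" -passout pass: \
    -inkey "$1/collector_key.pem" -in "$1/collector_cert.pem" &&
  chmod 600 "$1/collector.p12"
}

# Demo: build the throwaway store, check it, clean up.
demo_dir=$(mktemp -d)
make_demo_store "$demo_dir"
check_p12 "$demo_dir/collector.p12" "" collector.acme.com
rm -rf "$demo_dir"
```

Run against the real store, the call would be `check_p12 /opt/snowplow/ssl/collector.p12 "" <collector hostname>`; the world-readable warning will fire for a store left at mode 644.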