Authentication Error and SSL

Hi folks,

I need some advice here. We have an ES cluster running version 7.16.3, spread across 28 nodes with the roles master-only, ingest-only and data-only.

SSL is enabled for HTTP and transport and was running fine until we renewed the certificates that had expired.

It throws the below error when we try to query with curl -XGET -u user:password http_url:9200/_cluster/stats

{"type":"security_exception","reason":"unable to authenticate user [elastic] for REST request [/_security/_authenticate]","header":{"WWW-Authenticate":["Basic realm="security" charset="UTF-8"","ApiKey"]}}],"type":"security_exception","reason":"unable to authenticate user [elastic] for REST request [/_security/_authenticate]","header":{"WWW-Authenticate":["Basic realm="security" charset="UTF-8"","ApiKey"]}},"status":401}

Just to provide more context to the issue:

  1. We are quite sure it's not a credential issue. We tried disabling SSL by setting the settings to false in elasticsearch.yml and tested the API over HTTP, and it works.
  2. We are also quite sure the certs are working fine, having tested the cert with openssl s_client ip:9200.

Question:
Is there any way we can narrow down and eliminate the possibilities that are causing the issue?

I tried shutting down the ES services on all the nodes and starting with 1 and 2 master nodes; it still shows the same error. Is there any requirement to have at least the master node working first, so that the authentication function is running?

Check your logs.
The most likely cause is that you've misconfigured the transport certs and the cluster is not forming correctly. The logs will confirm whether that's the case, and give some indication of what might be wrong.

That version was released 2.5 years ago. We strongly recommend that you upgrade.
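
An illustration of the log check suggested in the reply above, added here as an example that is not part of the original thread or of Elastic's tooling: it folds stack traces into their log entries and flags nodes that log transport-layer TLS failures while also reporting that no master was discovered. The sample log, the node names and the message fragments it matches are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the general shape of Elasticsearch 7.x server logs;
# node names, addresses and dates are invented for illustration.
SAMPLE_LOG = """\
[2024-07-01T10:00:01,120][WARN ][o.e.t.TcpTransport] [master-1] exception caught on transport layer [remoteAddress=/10.0.0.2:9300], closing connection
javax.net.ssl.SSLHandshakeException: PKIX path validation failed: validity check failed
Caused by: java.security.cert.CertificateExpiredException: NotAfter: Sat Jun 29 00:00:00 UTC 2024
[2024-07-01T10:00:11,450][WARN ][o.e.c.c.ClusterFormationFailureHelper] [master-1] master not discovered or elected yet, an election requires at least 2 nodes
[2024-07-01T10:00:12,300][INFO ][o.e.n.Node] [data-7] started
"""

# Header shape: [timestamp][LEVEL][logger] [node] message
HEADER = re.compile(r"^\[[^\]]+\]\[\w+\s*\]\[[^\]]+\]\s*\[(?P<node>[^\]]+)\]\s*(?P<msg>.*)$")
TLS_ANY = re.compile(r"SSLHandshakeException|SSLException|CertificateException")
# Assumed-typical JSSE message fragments, mapped to a likely cause.
TLS_CAUSES = {
    "expired certificate": re.compile(r"CertificateExpiredException|validity check failed"),
    "untrusted issuer": re.compile(r"PKIX path building failed|unable to find valid certification path"),
    "hostname mismatch": re.compile(r"No subject alternative|No name matching"),
}

def entries(text):
    """Yield (node, body) per log entry, folding stack-trace lines into their header."""
    node, buf = None, []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            if node is not None:
                yield node, "\n".join(buf)
            node, buf = m["node"], [m["msg"]]
        elif node is not None:
            buf.append(line)
    if node is not None:
        yield node, "\n".join(buf)

def triage(text):
    """Per node: causes of transport-layer TLS failures, and whether no master was found."""
    report = defaultdict(lambda: {"tls_causes": set(), "no_master": False})
    for node, body in entries(text):
        r = report[node]
        if "transport layer" in body and TLS_ANY.search(body):
            found = {k for k, rx in TLS_CAUSES.items() if rx.search(body)}
            r["tls_causes"] |= found or {"unclassified"}
        r["no_master"] = r["no_master"] or "master not discovered" in body
    for r in report.values():  # both signals on one node: check transport certs first
        r["suspect_transport_certs"] = bool(r["tls_causes"]) and r["no_master"]
    return dict(report)
```

Calling `triage(SAMPLE_LOG)` returns one record per node; TLS errors logged on the HTTP layer are deliberately ignored, since a rejected client connection says nothing about whether the cluster can form.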

Hi Tim,

Thanks for pointing that out. It is indeed a certificate issue. Once it was renewed, the issue was resolved. Appreciate your help.