Certificate error -javax.net.ssl.SSLHandshakeException: Received fatal alert: decrypt_error

Getting the below error while trying to access elasticsearch https://<server:name>/9200 and it says connection is not secure

DecoderException: javax.net.ssl.SSLHandshakeException: Received fatal alert: decrypt_error
        
Below is the elasticsearch.yml config

xpack.security.http.ssl.verification_mode: certificate
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.http.ssl.supported_protocols: TLSv1.2
xpack.security.transport.ssl.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: /opt/elastic/elasticsearch_7163/elasticsearch-7.16.3/config/certs/abc123.com.key
xpack.security.http.ssl.certificate: /opt/elastic/elasticsearch_7163/elasticsearch-7.16.3/config/certs/abc123.com_chain.crt
xpack.security.http.ssl.certificate_authorities: [ "/opt/elastic/elasticsearch_7163/elasticsearch-7.16.3/config/certs/abc123.com_chain.crt" ]
xpack.security.transport.ssl.key: /opt/elastic/elasticsearch_7163/elasticsearch-7.16.3/config/certs/abc123.com.key
xpack.security.transport.ssl.certificate: /opt/elastic/elasticsearch_7163/elasticsearch-7.16.3/config/certs/abc123.com_chain.crt
xpack.security.transport.ssl.certificate_authorities: [ "/opt/elastic/elasticsearch_7163/elasticsearch-7.16.3/config/certs/abc123.com_chain.crt" ]

I downloaded the certs from org and in the zip file - it had .crt, .key and pem file

Can you try adding this setting?

xpack.security.enabled: true

The default was changed in 8.0.0 to true. Prior versions defaulted to false, and it looks like you may be using 7.16.3.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.