Certificate error when creation S3 repository for snapshot

deependra · February 11, 2021, 3:56am

Hi team,

I am trying to create a S3 repository so that I can send snapshot to it and then restore on destination cluster.

I am using elasticsearch 5.2.2 version and have installed equivalent s3 repo plugin.

OS - centos

When I try creating s3 repo using below command:

curl -XPUT 'http://10.173.39.167:9200/_snapshot/repository-s3?verify=false&pretty' -d'
{
  "type": "s3",
  "settings": {
    "bucket": "elasticsearch-snap-bucket",
    "region": "ap-south-1",
    "access_key": "accesskey",
    "secret_key": "secretkey",
    "server_side_encryption": true,
    "protocol": "https"
  }
}'

I end up with below error:-

  "error" : {
    "root_cause" : [
      {
        "type" : "amazon_client_exception",
        "reason" : "amazon_client_exception: Unable to execute HTTP request: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"
      }
    ],
    "type" : "repository_exception",
    "reason" : "[repository-s3] failed to create repository",
    "caused_by" : {
      "type" : "amazon_client_exception",
      "reason" : "amazon_client_exception: Unable to execute HTTP request: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target",
      "caused_by" : {
        "type" : "i_o_exception",
        "reason" : "sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target",
        "caused_by" : {
          "type" : "validator_exception",
          "reason" : "validator_exception: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target",
          "caused_by" : {
            "type" : "sun_cert_path_builder_exception",
            "reason" : "sun_cert_path_builder_exception: unable to find valid certification path to requested target"
          }
        }
      }
    }
  },
  "status" : 500
}

Please help

deependra · February 11, 2021, 3:59am

Steps that I have tried. But without any success. It still throws the same error.

echo -n | openssl s_client -connect s3.ap-south-1.amazonaws.com | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > ./cert.crt

keytool -import -alias sthrecerts -file ca_logstash.cer -keystore /usr/java/jdk1.8.0_91/jre/lib/security/cacerts

i m using java 1.8.0_91

system · March 11, 2021, 3:59am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Not able to create S3 Repo Elasticsearch	2	773	September 20, 2018
S3 Snapshot issues Elasticsearch	7	1237	June 8, 2020
Connecting to S3 Unable to execute HTTP request: PKIX path building failed Elasticsearch elastic-stack-security , snapshot-and-restore	2	6478	July 12, 2021
Cloud-aws 2.3.1 authentication error when used for snapshots Elasticsearch	13	1429	July 5, 2017
How to give s3 client and server certificates to s3 repository client Elasticsearch	2	1338	March 9, 2020

Certificate error when creation S3 repository for snapshot

Related topics