Certificate invalid

Hello,
I am running Elasticsearch locally with default configuration out of the box. When I try to browse to https://localhost:9200, I get Privacy error in chrome, saying that connection is not private. I know that during initialization TLS is setup automatically with certificate but when I check the certificate status in chrome it says it is not valid.

I did then go to the certs folder and reinstalled the http_ca certificate to the trusted authorized authority on the local machine. Now that the certificate itself is OK but in the browser I am still getting the same privacy warning.

I thought the by installing the certificate in trusted keystore on the windows machine. it should work.

Is there anything I am missing or step that needs to be done.

Thanks

Can you post the exact details of the error you get in your browser?

Also note that elastisearch offers a REST API over HTTP and is not a web “platform”, so you probably want to interact with it with something different than a web browser (that will only send HTTP GET requests to Elasticsearch ), you can try curl or postman if you prefer a UI

Hello Ioannis,

Thank you for the response. I think I didnt get the question correct. So i will add more information here.

I downloaded the zip file on my windows machine. I unzipped it and ran Elasticsearch.bat wihtout making any other changes. It initializes Elasticsearch but on the console I see following error:

[TV017717584457] exception during geoip databases update
javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target


Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?]
        at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?]
        at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[?:?]
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:383) ~[?:?]
        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:271) ~[?:?]
        at sun.security.validator.Validator.validate(Validator.java:256) ~[?:?]
        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231) ~[?:?]
        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132) ~[?:?]
        at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[?:?]
        ... 33 more


I can see the current.health as GREEN and I can navigate to localhost:9200 and get a response after providing credentials.

On navigating to localhost:9200, in console i can see following:

[2022-06-13T14:21:13,278][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [TV017717584457] 
http client did not trust this server's certificate, closing connection Netty4HttpChannel{localAddress=/[0:0:0:0:0:0:0:1]:9200, remoteAddress=/[0:0:0:0:0:0:0:1]:56250}

In chrome browser I can "not secure" and when I check it its says the certificate in not valid. Now if I click on advances and proceed, I am still prompted for username and password and Elasticsearch works as expected.

Firstly how can I get rid of the certificate error on the browser. Seconldy when I try to get new enrollment token, I see another error saying "unable to determine cluster health"

Any idea why this is happening?

Hello,

Have you tried installing the http-ca certificate in the "Third-Party Root Certification Authorities" folder for the local computer? I had a similar error and this worked for me.

Hi James, Yes I did figure it out that the certificate has to be loaded into the "Third-Party Root Certification Authorities". However now I have discovered another issue on windows. If i run elasticsearch.bat it works fine however if the process is shutdown or I have to restart my machine and try to run elasticsearch.bat again, it does work but kibana is unable to connect citing issue with reaching out to elasticsearch. In the same way other batch files related to getting token or setting password stop working and complain about unable to determine health. This all still happens even when I can verify in browser that elasticsearch is up and running. A bit odd behavior.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.