Continuos warning throwing up in fresh installation of a 3 node elk cluster's 1st node. Please help to sort out

Kindly tell me why this error is shown in a fresh 3 node cluster of elk stack

*2024-08-06T19:47:07,586][WARN ][o.e.h.AbstractHttpServerTransport] [elk-stack-node1.kseb.in] caught exception while handling client http traffic, closing connection Netty4HttpChannel{localAddress=/10.0.30.94:9200, remoteAddress=/10.0.30.160:35388}*
*io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate*
*	at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:499) ~[?:?]*
*	at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:290) ~[?:?]*
*	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:444) ~[?:?]*
*	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) ~[?:?]*
*	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:412) ~[?:?]*
*	at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410) ~[?:?]*
*	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:440) ~[?:?]*
*	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:420) ~[?:?]*
*	at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919) ~[?:?]*
*	at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166) ~[?:?]*
*	at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:788) ~[?:?]*
*	at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:689) ~[?:?]*
*	at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:652) ~[?:?]*
*	at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:562) ~[?:?]*
*	at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997) ~[?:?]*
*	at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) ~[?:?]*
*	at java.lang.Thread.run(Thread.java:1570) ~[?:?]*
*Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate*
*	at sun.security.ssl.Alert.createSSLException(Alert.java:130) ~[?:?]*
*	at sun.security.ssl.Alert.createSSLException(Alert.java:117) ~[?:?]*
*	at sun.security.ssl.TransportContext.fatal(TransportContext.java:365) ~[?:?]*
*	at sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:287) ~[?:?]*
*	at sun.security.ssl.TransportContext.dispatch(TransportContext.java:204) ~[?:?]*
*	at sun.security.ssl.SSLTransport.decode(SSLTransport.java:172) ~[?:?]*
*	at sun.security.ssl.SSLEngineImpl.decode(SSLEngineImpl.java:736) ~[?:?]*
*	at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:691) ~[?:?]*
*	at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:506) ~[?:?]*
*	at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:482) ~[?:?]*
*	at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:679) ~[?:?]*
*	at io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.java:310) ~[?:?]*
*	at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1445) ~[?:?]*
*	at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1338) ~[?:?]*
*	at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1387) ~[?:?]*
*	at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:529) ~[?:?]*
*	at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:468) ~[?:?]*
*	... 16 more*

Check what is running on this IP address on your network, from your logs it seems that you have something on this address trying to connect to the http endpoint of this node, but using the wrong certificate.

1 Like

Thankyou this helped. An agent was trying to connect with elasticsearch.