Curl ssl error to elasticsearch server via filebeat

This is my filebeat output test :

filebeat test output

  parse url... OK
    parse host... OK
    dns lookup... OK
    dial up... OK
    security: server's certificate chain verification is enabled
    handshake... OK
    TLS version: TLSv1.3
    dial up... OK
  talk to server... OK
  version: 8.10.4

but when I curl from filebeat to elasticsearch it is showing SSL error :

curl -v -XGET "" -u elastic --cacert /etc/filebeat/certs/http_ca.crt
Enter host password for user 'elastic':
* About to connect() to port 9200 (#0)
*   Trying connected
* Connected to ( port 9200 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/filebeat/certs/http_ca.crt
  CApath: none
* NSS error -12190
* Closing connection #0
* SSL connect error
curl: (35) SSL connect error

That may be no read permission on the file for the user running curl

NSS error -12190 is due to a TLS version mismatch.

At a guess, your ES node is configured to only support modern TLS versions, but your version of curl is quite old and isn't compatible with those versions.

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.