Elasticsearch cluster chain cert null exception

Hi, I'm trying to set up SSL for Elasticsearch (both for encryption of communication and client authentication). Currently I'm trying to run a cluster configuration with one node on my local machine with the setup below:

cluster.name: local_test_cluster

node.name: master_main

network.host: 0.0.0.0

bootstrap.memory_lock: true

node.master: true
node.data: false

discovery.seed_hosts: localhost:9300

cluster.initial_master_nodes: master_main


xpack:
  security:
    enabled: true
    transport:
      ssl:
        enabled: true
        verification_mode: certificate
        keystore:
          path: certs/cert.p12
          password: xyz
          type: PKCS12
        truststore:
          path: certs/cert.p12
          password: xyz
          type: PKCS12
    http:
      ssl:
        enabled: true
        verification_mode: certificate
        client_authentication: optional
        keystore:
          path: certs/cert.p12
          password: xyz
          type: PKCS12
        truststore:
          path: certs/cert.p12
          password: XYZ
          type: PKCS12
  monitoring:
    enabled: true

and I am getting the error below when Elasticsearch starts up:

[2020-06-04T13:04:31,605][WARN ][o.e.t.OutboundHandler] [master_main] send message failed [channel: Netty4TcpChannel{localAddress=0.0.0.0/0.0.0.0:63581, remoteAddress=localhost/0:0:0:0:0:0:0:1:9300}]
javax.net.ssl.SSLException: Received fatal alert: bad_certificate
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:214) ~[?:?]

[2020-06-04T13:04:31,605][WARN ][o.e.t.TcpTransport       ] [master_main] exception caught on transport layer [Netty4TcpChannel{localAddress=0.0.0.0/0.0.0.0:9300, remoteAddress=/0:0:0:0:0:0:0:1:63581}], closing connection
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: null cert chain

Any ideas on what I'm doing wrong here?

Is anyone even active here?

Please be patient in waiting for responses to your question and refrain from pinging multiple times asking for a response or opening multiple topics for the same question. This is a community forum, it may take time for someone to reply to your question. For more information please refer to the Community Code of Conduct specifically the section "Be patient". Also, please refrain from pinging folks directly, this is a forum and anyone that participates might be able to assist you.

If you are in need of a service with an SLA that covers response times for questions then you may want to consider talking to us about a subscription.

It's fine to answer on your own thread after 2 or 3 days (not including weekends) if you don't have an answer.
