Elasticsearch https secure communication

Hi All,

I have secured my cluster's (3 nodes) http communication as below:
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/cert/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/cert/elastic-certificates.p12
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: /etc/elasticsearch/cert/elastic-certificates.p12
xpack.security.http.ssl.truststore.path: /etc/elasticsearch/cert/elastic-certificates.p12
(The certificates are generated with elasticsearch-certutil. I have copied the same certs to all nodes.)
Everything works fine, but my logs are full of WARNs like below (cluster's IP addresses between xxx.xxx.xxx.210 and xxx.xxx.xxx.212):

[2020-01-29T11:04:04,170][WARN ][o.e.h.AbstractHttpServerTransport] [abc-i-elastic03] caught exception while handling client http traffic, closing connection Netty4HttpChannel{localAddress=/xxx.xxx.xxx.212:9200, remoteAddress=/xxx.xxx.xxx.211:55756}
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate

Version: 7.5.2

Please help me avoid these warnings. Thanks!

Something in xxx.xxx.xxx.211:55756 is attempting to connect to Elasticsearch over HTTP over TLS on port 9200 and fails as it doesn't trust Elasticsearch's certificate.
You need to figure out what is running on /xxx.xxx.xxx.211:55756 and configure it to trust the certificate.
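
One way to find which clients are rejecting the certificate, as an added example that is not part of the original thread: a Python sketch that pairs each `AbstractHttpServerTransport` WARN entry with the TLS alert on the following line and counts them per client IP. The log text, node names and 192.0.2.x addresses are constructed, and the function name is hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the format of the WARN entry quoted in this thread
# (192.0.2.x are documentation addresses; node names are made up).
SAMPLE_LOG = """\
[2020-01-29T11:04:04,170][WARN ][o.e.h.AbstractHttpServerTransport] [node-03] caught exception while handling client http traffic, closing connection Netty4HttpChannel{localAddress=/192.0.2.212:9200, remoteAddress=/192.0.2.211:55756}
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
[2020-01-29T11:04:14,201][WARN ][o.e.h.AbstractHttpServerTransport] [node-03] caught exception while handling client http traffic, closing connection Netty4HttpChannel{localAddress=/192.0.2.212:9200, remoteAddress=/192.0.2.211:55790}
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
[2020-01-29T11:04:15,002][INFO ][o.e.c.m.MetaDataMappingService] [node-03] unrelated entry
[2020-01-29T11:05:01,330][WARN ][o.e.h.AbstractHttpServerTransport] [node-01] caught exception while handling client http traffic, closing connection Netty4HttpChannel{localAddress=/192.0.2.210:9200, remoteAddress=/192.0.2.50:40112}
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
[2020-01-29T11:05:09,712][WARN ][o.e.h.AbstractHttpServerTransport] [node-01] caught exception while handling client http traffic, closing connection Netty4HttpChannel{localAddress=/192.0.2.210:9200, remoteAddress=/192.0.2.60:40200}
io.netty.handler.codec.DecoderException: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record
"""

# Header line of the WARN entry: node name plus the client's address and port.
WARN_RE = re.compile(
    r"\[WARN \]\[o\.e\.h\.AbstractHttpServerTransport\] \[(?P<node>[^\]]+)\]"
    r".*remoteAddress=/(?P<ip>.+):(?P<port>\d+)\}"
)
# Alert sent by the client, i.e. the client refused the server certificate.
ALERT_RE = re.compile(r"SSLHandshakeException: Received fatal alert: (?P<alert>\w+)")


def failed_handshakes(log_text):
    """Count client TLS alerts per (node, client IP, alert name).

    Source ports are ephemeral, so entries are grouped by IP only. WARN
    entries caused by something else (e.g. plaintext HTTP) are skipped.
    """
    counts = Counter()
    pending = None  # (node, ip) from the WARN line just seen
    for line in log_text.splitlines():
        warn = WARN_RE.search(line)
        if warn:
            pending = (warn["node"], warn["ip"])
            continue
        alert = ALERT_RE.search(line)
        if alert and pending:
            counts[pending + (alert["alert"],)] += 1
        pending = None  # the exception line directly follows its WARN line
    return counts


if __name__ == "__main__":
    for (node, ip, alert), n in failed_handshakes(SAMPLE_LOG).most_common():
        print(f"{n:3d}  client {ip} -> {node}: {alert}")
```

The client IPs it reports are the hosts to inspect with a socket listing or process inventory for an agent (here it turned out to be Metricbeat) whose trust store lacks the CA that signed the Elasticsearch HTTP certificate.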

Sorry, it was Metricbeat.

It was a certificate issue.
