Exception during establishing a SSL connection: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record:

Hello,
I have installed elastic search 7.6.2 with HTTP support which is working fine. But, when I installed the same version with https enabled, I am getting below error when I start the elasticsearch.

search guard 7.6.2.40.0 used for https feature enable in elastic7.6.2.

    [2020-05-05T09:31:40,395][INFO ][o.e.c.r.a.AllocationService] [node-
    emf169104.nms.fnc.fujitsu.com] Cluster health status changed from [RED] to [YELLOW] (reason: [shards started [[filebeat-7.6.2-2020.04.30-000001][1]]]).
    [2020-05-05T09:31:44,077][ERROR]**[c.f.s.s.h.n.SearchGuardSSLNettyHttpServerTransport] [node-emf169104.nms.fnc.fujitsu.com] Exception during establishing a SSL connection: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record:** 474554205f636c75737465722f6865616c74683f666f726d61743d6a736f6e20485454502f312e310d0a436f6e74656e742d4c656e6774683a20300d0a486f73743a20656d663136393130343a393230300d0a436f6e6e656374696f6e3a204b6565702d416c6976650d0a557365722d4167656e743a204170616368652d487474704173796e63436c69656e742f342e312e3320284a6176612f312e382e305f313231290d0a0d0a
    io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 474554205f636c75737465722f6865616c74683f666f726d61743d6a736f6e20485454502f312e310d0a436f6e74656e742d4c656e6774683a20300d0a486f73743a20656d663136393130343a393230300d0a436f6e6e656374696f6e3a204b6565702d416c6976650d0a557365722d4167656e743a204170616368652d487474704173796e63436c69656e742f342e312e3320284a6176612f312e382e305f313231290d0a0d0a
            at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1206) ~[netty-handler-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1274) ~[netty-handler-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:503) ~[netty-codec-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:442) ~[netty-codec-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:281) ~[netty-codec-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:374) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:360) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:352) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1422) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:374) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:360) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:931) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:163) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:700) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:600) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:554) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:514) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.util.concurrent.SingleThreadEventExecutor$6.run(SingleThreadEventExecutor.java:1050) [netty-common-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) [netty-common-4.1.43.Final.jar:4.1.43.Final]
            at java.lang.Thread.run(Thread.java:748) [?:1.8.0_201-R5]
    [2020-05-05T09:31:44,081][WARN ][o.e.h.AbstractHttpServerTransport] [node-emf169104.nms.fnc.fujitsu.com] caught exception while handling client http traffic, closing connection Netty4HttpChannel{localAddress=0.0.0.0/0.0.0.0:9200, remoteAddress=/167.254.165.118:40212}
    io.netty.handler.codec.DecoderException: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 474554205f636c75737465722f6865616c74683f666f726d61743d6a736f6e20485454502f312e310d0a436f6e74656e742d4c656e6774683a20300d0a486f73743a20656d663136393130343a393230300d0a436f6e6e656374696f6e3a204b6565702d416c6976650d0a557365722d4167656e743a204170616368652d487474704173796e63436c69656e742f342e312e3320284a6176612f312e382e305f313231290d0a0d0a
            at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:473) ~[netty-codec-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:281) ~[netty-codec-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:374) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:360) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:352) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1422) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:374) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:360) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:931) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:163) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:700) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:600) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:554) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:514) [netty-transport-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.util.concurrent.SingleThreadEventExecutor$6.run(SingleThreadEventExecutor.java:1050) [netty-common-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74) [netty-common-4.1.43.Final.jar:4.1.43.Final]
            at java.lang.Thread.run(Thread.java:748) [?:1.8.0_201-R5]
    Caused by: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record: 474554205f636c75737465722f6865616c74683f666f726d61743d6a736f6e20485454502f312e310d0a436f6e74656e742d4c656e6774683a20300d0a486f73743a20656d663136393130343a393230300d0a436f6e6e656374696f6e3a204b6565702d416c6976650d0a557365722d4167656e743a204170616368652d487474704173796e63436c69656e742f342e312e3320284a6176612f312e382e305f313231290d0a0d0a
            at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1206) ~[netty-handler-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1274) ~[netty-handler-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:503) ~[netty-codec-4.1.43.Final.jar:4.1.43.Final]
            at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:442) ~[netty-codec-4.1.43.Final.jar:4.1.43.Final]
            ... 16 more


**Below is my elasticsearch.yml configuration:**
    xpack.security.enabled: false
    searchguard.ssl.transport.keystore_filepath: keystore.jks
    searchguard.ssl.transport.keystore_password: password
    searchguard.ssl.transport.truststore_filepath: cacerts.jks
    searchguard.ssl.transport.truststore_password: password
    searchguard.ssl.transport.enforce_hostname_verification: false
    searchguard.ssl.http.enabled: true
    searchguard.ssl.http.keystore_filepath: keystore.jks
    searchguard.ssl.http.keystore_password: password
    searchguard.ssl.http.truststore_filepath: cacerts.jks
    searchguard.ssl.http.truststore_password: password


    searchguard.ssl.transport.enabled_protocols:
    - "TLSv1.2"
    searchguard.ssl.http.enabled_protocols:
    - "TLSv1.1"
    - "TLSv1.2"

    searchguard.authcz.admin_dn:
     - CN=virtuora,OU=Fujitsu Network Communications Inc,O=FNC,L=Richardson,ST=Texas,C=US

    node.master: true
    node.data: true
    transport.tcp.port: 9300

    searchguard.disabled: false

Welcome!

You should probably ask the authors of this 3rd party plugin for help.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.