Getting Authentication Exception even CA cert is provided (python)

Brian_Chan · August 4, 2022, 4:04am

Hi everyone, I have a self-managed elasticsearch 8.3.0 cluster with security enabled.

When using python client, even I included the CA cert, I still get the error: AuthenticationException(401, 'security_exception', 'missing authentication credentials for REST request [/]')

My code is here:

from elasticsearch import Elasticsearch, RequestsHttpConnection
from ssl import create_default_context

context = create_default_context(cafile='elasticsearch-ca.pem')
context.check_hostname = False

node = ['https://192.168.5.41:9200', 'https://192.168.5.42:9200', 'https://192.168.5.43:9200']

es_connection = Elasticsearch(node, basic_auth=("connector", "connector"), verify_certs=False, ssl_context=context)

I would be grateful if someone can help me with this issue. Thanks a lot.

stephenb · August 4, 2022, 5:41am

Hi @Brian_Chan Welcome to the community.

Have you tried the method shown in the docs here

Authentication error typically means you invalid username and or password.

Also I suspect you may need a full path to the cert.

And if you did a default install You're using the wrong cert. You want to use the CA that was generated see below

from elasticsearch import Elasticsearch

# Password for the 'elastic' user generated by Elasticsearch
ELASTIC_PASSWORD = "<password>"

# Create the client instance
client = Elasticsearch(
    "https://localhost:9200",
    ca_certs="/path/to/http_ca.crt",
    basic_auth=("elastic", ELASTIC_PASSWORD)
)

# Successful response!
client.info()

Brian_Chan · August 4, 2022, 6:07am

Hi @stephenb, thank you for your responds.

I can successfully connect to my cluster now. I did two actions: 1. upgrade my python library which match my elasticsearch version. 2. authorize my user account to superuser.

May I ask is it really necessary to give the user all the permission in order to use the python client?

stephenb · August 4, 2022, 1:50pm

No most our samples show the elastic user for consistency.

You can create a user and a role with the specific permissions that you want and use it.

Just read up on users and roles and set it up And you will be fine.

system · September 1, 2022, 1:51pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.