Is it possible to disable the server from checking the clients?
Even when I have this set:
xpack.security.http.ssl.client_authentication: none
When I try to import anything using a script I get this:
at java.lang.Thread.run(Thread.java:1623) ~[?:?]
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
I can browse to the ES server on 9200 fine from the client.
If you see this error message in the server log, it means your client did not trust the server certificate. Therefore xpack.security.http.ssl.client_authentication is irrelevant, you need to adjust your client configuration.
Btw, since the shared error message is very brief, I am assuming it was indeed related to Elasticsearch's HTTP interface.
Yes it was just when trying to import data.
It's strange because HTTP does look to be working ok when in a browser using https but then the client doesn't trust it for some reason?
It's often the case with self signed certificates.
Try:
curl https://localhost:9200
It should fail as well unless you pass the -k option.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.