I'm setting this up - per the course
I'm guessing this will protect the 9200-9300 ports of elasticsearch.
This would be from either this
https://nn775:9200/sales_record/_search?pretty
or Kibana trying to connect to Elastic.
This is my elasticsearch.yml file:
```yaml
xpack:
  ssl:
    key: /usr/share/elasticsearch/bin/config/x-pack/nn775/nn775.key
    certificate: /usr/share/elasticsearch/bin/config/x-pack/nn775/nn775.crt
    # This points to where the CA cert is - every node shares this
    certificate_authorities: /usr/share/elasticsearch/bin/config/ca/ca.crt
# We need to ensure that the transport (port 9300) and HTTP (port
# 9200) protocols secure communication is enabled:
xpack:
  security:
    transport.ssl.enabled: true
    http.ssl.enabled: true
# AUDIT ########################################################
xpack.security.audit.enabled: true
xpack.security.audit.outputs: [ index, logfile ]
xpack.security.audit.index.settings:
  index:
    number_of_shards: 1
    number_of_replicas: 1
xpack.security.audit.logfile.events.exclude: [ access_granted ]
xpack.security.audit.index.events.exclude: [ access_granted ]
###################################################################
#xpack.monitoring.enabled: false
#Set to false to disable X-Pack monitoring. Configure in both elasticsearch.yml and kibana.yml.
#xpack.graph.enabled: false
#Set to false to disable X-Pack graph. Configure in both elasticsearch.yml and kibana.yml.
#xpack.watcher.enabled: false
#Set to false to disable Watcher. Configure in elasticsearch.yml only.
#xpack.reporting.enabled: false
#Set to false to disable X-Pack reporting. Configure in kibana.yml only.
bootstrap.system_call_filter: false
cluster.name: EScluster-rack2
node.name: ${HOSTNAME}
node.master: true
node.data: true
network.host: ${HOSTNAME}
http.port: 9200
discovery.zen.minimum_master_nodes: 3
path.data: /mnt/data/elk/5.2.data
path.logs: /var/log/elasticsearch
#
# Make sure that the `ES_HEAP_SIZE` environment variable is set to about half the memory
# available on the system and that the owner of the process is allowed to use this limit.
#
discovery.zen.ping.unicast.hosts: ["nn775","sn776","dn777","dn778","dn779"]
#
# node.max_local_storage_nodes: 1
# Require explicit names when deleting indices:
# action.destructive_requires_name: true
```
I wasn't getting these errors before I added the certs to the elasticsearch.xml