SSL Certificate problem : Unable to get local issuer certificate

Elastic Stack Elasticsearch
1

Hi,
I have deployed standalone Elasticsearch in one of the VM instance of Google Cloud(GCP).

The client(Manychat) which I use to connect to Elasticsearch only supports https, so I did the configurations to run Elasticsearch port 9200 in secured mode (HTTPS).

While trying to connect I get an error 'SSL Certificate problem : Unable to get local issuer certificate'

But unfortunately there is no provision to configure CA cert in my client(Manychat) . Also no options to disable SSL verification. When contacted Manychat customer support, they advised to turn off SSL certificate verification from Elasticsearch.

I tried with xpack.security.http.ssl.verification_mode: none , but it did not work.

Can you please suggest how to disable the certificate verification from Elasticsearch side?

As a note, I am able to connect successfully from postman ( by switching OFF SSL verification in settings)

Thank you for the help

2

Welcome!

I believe this is happening because you are using the default self-signed certificate instead of providing your own certificate. You should fix that. See Set up basic security for the Elastic Stack plus secured HTTPS traffic | Elasticsearch Guide [8.7] | Elastic

Or much easier, create a cloud.elastic.co cluster running on GCP (or select it directly from your GCP console or from Google Cloud Marketplace).

1 Like
3

Thank you for the quick response.

Unfortunately I cannot use elastic cloud due to budget constraint of my customer.

Will my client be able to communicate with elaticseaerch without certificate exchange if I use my own certificate?

Guess I still need to configure client certificate in Manychat client?

Please let me know if I am wrong here

Thank you

4

That's probably a question for Manychat.

But you can try it for free for 14 days on cloud.elastic.co. If it works out of the box, without to specify a certificate, then you can probably reproduce this.

5

Thanks a lot!
I will take your suggestions

6

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.