SSL_ERROR_SYSCALL error connecting to Elasticsearch using SSL CA Certificate

Giovanni_Martarello · November 20, 2023, 2:11pm

Hello

I have an Elasticsearch server that uses ssl certificates issued by a certification unit.

This is my configuration:

#----------------------- BEGIN SECURITY AUTO CONFIGURATION ---------------------- -
#
# The following settings, TLS certificates, and keys have been automatically
# generated to configure Elasticsearch security features on 2023-07-31 19:08:06
#
# ------------------------------------------------- -------------------------------

# Enable security features
xpack.security.enabled: true
xpack.security.enrollment.enabled: true

# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
   enabled: true
   key: certs/myhost.com_2023-2024.key
   certificate: certs/myhost.com_2023-2024.pem

# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
   enabled: true
   key: certs/myhost.com_2023-2024.key
   certificate: certs/myhost.com_2023-2024.pem

# Create a new cluster with the current node only
# Additional nodes can still join the cluster later
cluster.initial_master_nodes: ["elk1"]

# Allow HTTP API connections from anywhere
# Connections are encrypted and require user authentication
http.host: 0.0.0.0

# Allow other nodes to join the cluster from anywhere
# Connections are encrypted and mutually authenticated
#transport.host: 0.0.0.0

However, when testing the connection, the following error returns:

[root@host-01 hostname]# curl -v -u user https://elk1.myhost.com:9200
Enter host password for user 'user':
* Rebuilt URL to: https://elk1.myhost.com:9200/
*   Trying 164.NNN.NN.NNN...
* TCP_NODELAY set
* Connected to elk1.myhost.com (164.NNN.NN.NNN) port 9200 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to elk1.myhost.com:9200
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to elk1.myhost.com:9200

Thanks by support.

system · December 18, 2023, 2:11pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.