Unable to connect over https

Chuck_Reynolds · June 13, 2023, 2:59pm

I'm unable to connect my python client to Elasticsearch over https.

I've configure https via the the elasticsearch.yml file with the following 2 lines.

xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: essvc-regiment-neptune-es-dev.ancestrydata.int-06062023.p12

I'm able to hit the endpoint https://xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: essvc-regiment-neptune-es-dev.ancestrydata.int-06062023.p12/_cat/nodes with out any issues.

When I try communicating from my python code.

from elasticsearch import Elasticsearch
from ssl import create_default_context
from elasticsearch import RequestsHttpConnection

ssl_context = create_default_context()

Set the path to the CA certificate file

ssl_context.load_verify_locations(cafile="/Users/creynolds/Downloads/essvc-regiment-neptune-es-dev.ancestrydata.int-06062023.pem")

Create an Elasticsearch instance with HTTPS connection

context = create_default_context(cafile="/Users/creynolds/Downloads/essvc-regiment-neptune-es-dev.ancestrydata.int-06062023.pem")

es = Elasticsearch(['https://essvc-regiment-neptune-es-dev.ancestrydata.int:9200'], http_auth=("elastic", "AveZDd5gYqWC0qUa09Hl"), ssl_context=ssl_context ) #,use_ssl=True, verify_certs=True, ca_certs="/Users/creynolds/Downloads/essvc-regiment-neptune-es-dev.ancestrydata.int-06062023.p12",) #,ssl_context=ssl_context)

es = Elasticsearch(['https://essvc-regiment-neptune-es-dev.ancestrydata.int:9200'], connection_class=RequestsHttpConnection, use_ssl=True, http_auth=("elastic", "AveZDd5gYqWC0qUa09Hl"), verify_certs=True, ssl_context=ssl_context) #, use_ssl=True, ssl_context=ssl_context) #verify_certs=False)

print(es.info())

I get this error:
Max retries exceeded with url: / (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1129)')))) caused by: SSLError(HTTPSConnectionPool(host='essvc-regiment-neptune-es-dev.ancestrydata.int', port=9200): Max retries exceeded with url: / (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1129)'))))
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1129)

warkolm · June 13, 2023, 11:46pm

Please format your code/logs/config using the </> button, or markdown style back ticks. It helps to make things easy to read which helps us help you

Chuck_Reynolds · June 14, 2023, 1:58pm

I'm unable to connect my python client to Elasticsearch over https.

I've configure https via the the elasticsearch.yml file with the following 2 lines.

xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: essvc-regiment-neptune-es-dev.ancestrydata.int-06062023.p12

I'm able to hit the endpoint https://xpack.security.http.ssl.enabled: true xpack.security.http.ssl.keystore.path: essvc-regiment-neptune-es-dev.ancestrydata.int-06062023.p12/_cat/nodes with out any issues.

When I try communicating from my python code.

from elasticsearch import Elasticsearch
from ssl import create_default_context
from elasticsearch import RequestsHttpConnection

ssl_context = create_default_context()

# Set the path to the CA certificate file

ssl_context.load_verify_locations(cafile="/Users/creynolds/Downloads/essvc-regiment-neptune-es-dev.ancestrydata.int-06062023.pem")

# Create an Elasticsearch instance with HTTPS connection

context = create_default_context(cafile="/Users/creynolds/Downloads/essvc-regiment-neptune-es-dev.ancestrydata.int-06062023.pem")

# es = Elasticsearch(['[https://essvc-regiment-neptune-es-dev.ancestrydata.int:9200 ](https://essvc-regiment-neptune-es-dev.ancestrydata.int:9200)'], http_auth=("elastic", "AveZDd5gYqWC0qUa09Hl"), ssl_context=ssl_context ) #,use_ssl=True, verify_certs=True, ca_certs="/Users/creynolds/Downloads/essvc-regiment-neptune-es-dev.ancestrydata.int-06062023.p12",) #,ssl_context=ssl_context)

es = Elasticsearch(['[https://essvc-regiment-neptune-es-dev.ancestrydata.int:9200 ](https://essvc-regiment-neptune-es-dev.ancestrydata.int:9200)'], connection_class=RequestsHttpConnection, use_ssl=True, http_auth=("elastic", "AveZDd5gYqWC0qUa09Hl"), verify_certs=True, ssl_context=ssl_context) #, use_ssl=True, ssl_context=ssl_context) #verify_certs=False)

print(es.info())

I get this error:

Max retries exceeded with url: / (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1129)')))) caused by: SSLError(HTTPSConnectionPool(host='essvc-regiment-neptune-es-dev.ancestrydata.int', port=9200): Max retries exceeded with url: / (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1129)'))))
ssl.SSLCertVerificationError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self signed certificate in certificate chain (_ssl.c:1129)
```

Sunile_Manjee · June 15, 2023, 3:16am

Are these self signed certs? if so, please try this

es = Elasticsearch(
    ['https://essvc-regiment-neptune-es-dev.ancestrydata.int:9200'],
    use_ssl=True,
    verify_certs=False,
)

system · July 13, 2023, 3:17am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.