rachelyang
January 27, 2025, 9:06pm
1
I am tring to upgrade Elasticsearch from 7.17 to 8.15. I've got a bad certificate error .
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
Here is my ssl setting in elasticsearch.yml:
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.key: /etc/elasticsearch/node1/node1.key
xpack.security.transport.ssl.certificate: /etc/elasticsearch/node1/node1.crt
xpack.security.transport.ssl.certificate_authorities: /etc/elasticsearch/ca/ca.crt
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.verification_mode: certificate
xpack.security.http.ssl.key: /etc/elasticsearch/node1/node1.key
xpack.security.http.ssl.certificate: /etc/elasticsearch/node1/node1.crt
xpack.security.http.ssl.certificate_authorities: /etc/elasticsearch/ca/ca.crt
How should I change the certificate to match version 8.15?
TimV
January 28, 2025, 3:25am
2
You need to give us a lot more information.
What does your cluster look like?
How many nodes?
Do they all have the same config?
How did you do the upgrade?
Did you change settings when you upgraded?
Did you create new certificates?
What triggers the error?
Where are you seeing that error?
What is the rest of the log message?
rachelyang
January 28, 2025, 4:13pm
3
I have two Elasticsearch nodes, with one server as filebeat, one server as logstash and another server as kibana.
rachelyang
January 28, 2025, 4:16pm
4
The 8.15 elasticsearch requires the TSL configuration like this:
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
but I do not have the p12 key.
TimV
January 29, 2025, 1:22pm
5
Did you have the same configuration in 7.14?
rachelyang
January 29, 2025, 3:42pm
6
Yes, I use the same configuration as 7.14