Hi All,
Before installing Search Guard, I used to upload data to Elasticsearch using Excelastic (check here).
And it worked perfectly fine. This helped me avoid using Logstash, which is heavy.
After installing Search Guard, I changed the Excelastic config, which has a feature to add TLS and a username and password in case we want to upload data with TLS security. These are its config file details:
{
  "web_port": 7777,
  "elastic_port": 9200,
  "elastic_host": "localhost",
  "elastic_tls": true,
  "authentication": true,
  "basic": "admin:admin"
}
Search Guard has been configured according to their documentation with demo certificates.
These are the log details of Elasticsearch:
[2019-04-04T10:14:30,602][ERROR][c.f.s.h.SearchGuardHttpServerTransport] [OCMpWyk] SSL Problem Received fatal alert: certificate_unknown
javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
at sun.security.ssl.Alerts.getSSLException(Unknown Source) ~[?:?]
at sun.security.ssl.SSLEngineImpl.fatal(Unknown Source) ~[?:?]
at sun.security.ssl.SSLEngineImpl.fatal(Unknown Source) ~[?:?]
at sun.security.ssl.SSLEngineImpl.recvAlert(Unknown Source) ~[?:?]
at sun.security.ssl.SSLEngineImpl.readRecord(Unknown Source) ~[?:?]
at sun.security.ssl.SSLEngineImpl.readNetRecord(Unknown Source) ~[?:?]
at sun.security.ssl.SSLEngineImpl.unwrap(Unknown Source) ~[?:?]
at javax.net.ssl.SSLEngine.unwrap(Unknown Source) ~[?:1.8.0_74]
at io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.java:281) ~[netty-handler-4.1.16.Final.jar:4.1.16.Final]
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1215) ~[netty-handler-4.1.16.Final.jar:4.1.16.Final]
at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1127) ~[netty-handler-4.1.16.Final.jar:4.1.16.Final]
at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1162) ~[netty-handler-4.1.16.Final.jar:4.1.16.Final]
at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:489) ~[netty-codec-4.1.16.Final.jar:4.1.16.Final]
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:428) ~[netty-codec-4.1.16.Final.jar:4.1.16.Final]
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:265) ~[netty-codec-4.1.16.Final.jar:4.1.16.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) [netty-transport-4.1.16.Final.jar:4.1.16.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) [netty-transport-4.1.16.Final.jar:4.1.16.Final]
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340) [netty-transport-4.1.16.Final.jar:4.1.16.Final]
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1359) [netty-transport-4.1.16.Final.jar:4.1.16.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) [netty-transport-4.1.16.Final.jar:4.1.16.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) [netty-transport-4.1.16.Final.jar:4.1.16.Final]
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:935) [netty-transport-4.1.16.Final.jar:4.1.16.Final]
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:134) [netty-transport-4.1.16.Final.jar:4.1.16.Final]
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:645) [netty-transport-4.1.16.Final.jar:4.1.16.Final]
at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:545) [netty-transport-4.1.16.Final.jar:4.1.16.Final]
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:499) [netty-transport-4.1.16.Final.jar:4.1.16.Final]
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:459) [netty-transport-4.1.16.Final.jar:4.1.16.Final]
at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:858) [netty-common-4.1.16.Final.jar:4.1.16.Final]
at java.lang.Thread.run(Unknown Source) [?:1.8.0_74]
These are the log details of Excelastic:
> Apr 04, 2019 10:14:30 AM io.vertx.core.http.impl.HttpClientRequestImpl
> SEVERE: javax.net.ssl.SSLHandshakeException: Failed to create SSL connection
> Apr 04, 2019 10:14:30 AM io.netty.channel.DefaultChannelPipeline onUnhandledInbo
> undException
> WARNING: An exceptionCaught() event was fired, and it reached at the tail of the
> pipeline. It usually means the last handler in the pipeline did not handle the
> exception.
> io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Ge
> neral SSLEngine problem
> at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageD
> ecoder.java:459)
> at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessage
> Decoder.java:265)
> at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(Abst
> ractChannelHandlerContext.java:362)
> at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(Abst
> ractChannelHandlerContext.java:348)
> at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(Abstra
> ctChannelHandlerContext.java:340)
> at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(Defau
> ltChannelPipeline.java:1359)
> at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(Abst
> ractChannelHandlerContext.java:362)
> at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(Abst
> ractChannelHandlerContext.java:348)
> at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChanne
> lPipeline.java:935)
> at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(Abstra
> ctNioByteChannel.java:141)
> at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.jav
> a:645)
> at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEve
> ntLoop.java:580)
> at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.ja
> va:497)
> at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:459)
> at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThread
> EventExecutor.java:886)
> at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalR
> unnable.java:30)
> at java.lang.Thread.run(Unknown Source)
> Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at sun.security.ssl.Handshaker.checkThrown(Unknown Source)
> at sun.security.ssl.SSLEngineImpl.checkTaskThrown(Unknown Source)
> at sun.security.ssl.SSLEngineImpl.readNetRecord(Unknown Source)
> at sun.security.ssl.SSLEngineImpl.unwrap(Unknown Source)
> at javax.net.ssl.SSLEngine.unwrap(Unknown Source)
> at io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.jav
> a:292)
> at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1248)
> at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1
> 159)
> at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1194)
> at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProte
> ction(ByteToMessageDecoder.java:489)
> at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageD
> ecoder.java:428)
> ... 16 more
> Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> at sun.security.ssl.Alerts.getSSLException(Unknown Source)
> at sun.security.ssl.SSLEngineImpl.fatal(Unknown Source)
> at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
> at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
> at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
> at sun.security.ssl.Handshaker.processLoop(Unknown Source)
> at sun.security.ssl.Handshaker$1.run(Unknown Source)
> at sun.security.ssl.Handshaker$1.run(Unknown Source)
> at java.security.AccessController.doPrivileged(Native Method)
> at sun.security.ssl.Handshaker$DelegatedTask.run(Unknown Source)
> at io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:140
> 8)
> at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1316)
> ... 20 more
> Caused by: sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find vali
> d certification path to requested target
> at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
> at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
> at sun.security.validator.Validator.validate(Unknown Source)
> at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
> at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
> at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Sour
> ce)
> ... 29 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to
> find valid certification path to requested target
> at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Sourc
> e)
> at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown
> Source)
> at java.security.cert.CertPathBuilder.build(Unknown Source)
> ... 35 more
It seems I have to add certificates for Excelastic, but how and where?
Can anyone suggest how to solve this issue?
If not, what are other possible options to upload data to the current index in Elasticsearch in an easy manner?
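
Added example, not part of the original post and not Excelastic or Search Guard code: a short Python triage of the two logs above, showing that both sides report the same event, namely the client JVM rejecting the node certificate because it cannot build a path to a trusted CA. The function names and the abbreviated sample lines are constructed for illustration.

```python
import re

# Constructed sample input: lines abbreviated from the two logs in the post,
# including the 80-column console wrapping that splits tokens mid-word.
SERVER_LOG = """[2019-04-04T10:14:30,602][ERROR][c.f.s.h.SearchGuardHttpServerTransport] [OCMpWyk] SSL Problem Received fatal alert: certificate_unknown
javax.net.ssl.SSLException: Received fatal alert: certificate_unknown"""
CLIENT_LOG = """> SEVERE: javax.net.ssl.SSLHandshakeException: Failed to create SSL connection
> Caused by: sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find vali
> d certification path to requested target
> at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Sour
> ce)"""
# TLS alert names that report a certificate problem.
CERT_ALERTS = ("certificate_unknown", "unknown_ca", "bad_certificate", "certificate_expired")


def squash(log: str) -> str:
    """Drop quote markers and all whitespace so wrapped tokens match again."""
    lines = (re.sub(r"^\s*>\s?", "", ln) for ln in log.splitlines())
    return re.sub(r"\s+", "", "".join(lines))


def triage(local_role: str, log: str) -> dict:
    """From one side's JVM log ("server" or "client"), say who rejected whose certificate."""
    text = squash(log)
    peer = "client" if local_role == "server" else "server"
    # "Received fatal alert" means the *peer* aborted the handshake.
    m = re.search(r"Receivedfatalalert:(" + "|".join(CERT_ALERTS) + ")", text)
    if m:
        return {"rejected_by": peer, "rejected_cert": local_role, "reason": m.group(1)}
    if "PKIXpathbuildingfailed" in text:
        # checkServerTrusted runs in a client validating the server chain;
        # checkClientTrusted runs in a server validating a client certificate.
        whose = "server" if "checkServerTrusted" in text else "client" if "checkClientTrusted" in text else peer
        return {"rejected_by": local_role, "rejected_cert": whose, "reason": "issuer_not_in_truststore"}
    return {"rejected_by": None, "rejected_cert": None, "reason": "no_certificate_failure_found"}


def correlate(server_log: str, client_log: str) -> dict:
    """Check that both logs describe the client distrusting the server certificate."""
    s, c = triage("server", server_log), triage("client", client_log)
    agree = (s["rejected_by"] == c["rejected_by"] == "client"
             and s["rejected_cert"] == c["rejected_cert"] == "server")
    return {"client_distrusts_server_cert": agree, "server_view": s["reason"], "client_view": c["reason"]}
```

When both views agree like this, the missing piece is on the client side: the JVM running the uploader needs the CA that issued the node certificate in the trust store it uses.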