SSL Problem Received fatal alert: certificate_unknown and Caused by: java.security.cert.CertificateExpiredException: NotAfter

In my Elastic serarch version 5.5.1 version search is not working and noticed some errors in log file.

Node 2 error : SSL Problem Received fatal alert: certificate_unknown
Please verify certs files and let me know the reason and resolution for this issue.
I have attached Search guard config file, keystore and tructkey files, elasticsearch.yml and elastic log file from stage nodes.

Node1.zip (623.0 KB)

  • [Elasticsearch logfiles

elastic552stage_node2bkp.log.gz (1.3 MB)

In production ES log showing below error message :
Caused by: java.security.cert.CertificateExpiredException: NotAfter: Fri Sep 20 16:10:14 EDT 2019
at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:274) ~[?:?]
at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:629) ~[?:?]
at sun.security.provider.certpath.BasicChecker.verifyTimestamp(BasicChecker.java:190) ~[?:?]
at sun.security.provider.certpath.BasicChecker.check(BasicChecker.java:144) ~[?:?]
at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:119) ~[?:?]
at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:212) ~[?:?]
at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:140) ~[?:?]
at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:79) ~[?:?]
at java.security.cert.CertPathValidator.validate(CertPathValidator.java:292) ~[?:1.8.0_40]
at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:347) ~[?:?]
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:260) ~[?:?]

Your certificates are expired. You need to create new ones. We recommend to use https://docs.search-guard.com/latest/offline-tls-tool for that purpose.

we have admin and other TTL certs in SG storage already. so can you please let me the SG cert update procedure from given url.

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.