SSLHandshakeException: General SSLEngine problem

Hi I am trying to restore an index from one machine to another, with reindex, the problem is that I am having an error that I imagine is linked to search guard.

The source is the machine 128.95.36.46 and the target is 128.95.36.12. I tried to find how to do it, but I admit I didn’ t find some step by step guide. I imagine that I should pass the login and password some how, and I am pretty sure is this the problem. The thing is that i don’ t know how!

when I try this in Kibaana over the machine 128.95.36.46

POST _reindex
{
“source”: {
“remote”: {
“host”: “https://128.95.36.12:9200
},
“index”: “test1”,
“size”: 10
},
“dest”: {
“index”: “test1”
}
}

I receive the following answer:

{
“error”: {
“root_cause”: [
{
“type”: “s_s_l_handshake_exception”,
“reason”: “General SSLEngine problem”
}
],
“type”: “s_s_l_handshake_exception”,
“reason”: “General SSLEngine problem”,
“caused_by”: {
“type”: “s_s_l_handshake_exception”,
“reason”: “General SSLEngine problem”,
“caused_by”: {
“type”: “validator_exception”,
“reason”: “PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target”,
“caused_by”: {
“type”: “sun_cert_path_builder_exception”,
“reason”: “unable to find valid certification path to requested target”
}
}
}
},
“status”: 500
}

The configuration of the whitelist is reindex.remote.whitelist: 128.95.36.46:9200 in one machine and reindex.remote.whitelist: 128.95.36.12:9200 on the other, is the only thing that changes on the elasticsearc.yml from the two servers. The config files are in attachment to the message.

Thank you for any help :slight_smile:

– Daniel

When asking questions, please provide the following information:

  • Search Guard and Elasticsearch version : 6.2.2

  • Installed and used enterprise modules: No

  • JVM version and operating system version: 1.8.0_162 HotSpot

  • Search Guard configuration files

  • Elasticsearch log messages on debug level

[2018-05-23T18:05:18,318][WARN ][r.suppressed ] path: /_reindex, params: {}
javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1478) ~[?:?]
at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535) ~[?:?]
at sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1214) ~[?:?]
at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1186) ~[?:?]
at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469) ~[?:1.8.0_121]
at org.apache.http.nio.reactor.ssl.SSLIOSession.doWrap(SSLIOSession.java:265) ~[?:?]
at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:305) ~[?:?]
at org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:509) ~[?:?]
at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:120) ~[?:?]
at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:162) ~[?:?]
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:337) ~[?:?]
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:315) ~[?:?]
at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:276) ~[?:?]
at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:104) ~[?:?]
at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:588) ~[?:?]
at java.lang.Thread.run(Thread.java:745) [?:1.8.0_121]
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[?:?]
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1728) ~[?:?]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:304) ~[?:?]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) ~[?:?]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514) ~[?:?]
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) ~[?:?]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026) ~[?:?]
at sun.security.ssl.Handshaker$1.run(Handshaker.java:966) ~[?:?]
at sun.security.ssl.Handshaker$1.run(Handshaker.java:963) ~[?:?]
at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_121]
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1416) ~[?:?]
at org.apache.http.nio.reactor.ssl.SSLIOSession.doRunTask(SSLIOSession.java:283) ~[?:?]
at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:353) ~[?:?]
… 9 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387) ~[?:?]
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) ~[?:?]
at sun.security.validator.Validator.validate(Validator.java:260) ~[?:?]
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) ~[?:?]
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281) ~[?:?]
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136) ~[?:?]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1501) ~[?:?]
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) ~[?:?]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026) ~[?:?]
at sun.security.ssl.Handshaker$1.run(Handshaker.java:966) ~[?:?]
at sun.security.ssl.Handshaker$1.run(Handshaker.java:963) ~[?:?]
at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_121]
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1416) ~[?:?]
at org.apache.http.nio.reactor.ssl.SSLIOSession.doRunTask(SSLIOSession.java:283) ~[?:?]
at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:353) ~[?:?]
… 9 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?]
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?]
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) ~[?:1.8.0_121]
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382) ~[?:?]
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) ~[?:?]
at sun.security.validator.Validator.validate(Validator.java:260) ~[?:?]
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) ~[?:?]
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281) ~[?:?]
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136) ~[?:?]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1501) ~[?:?]
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) ~[?:?]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026) ~[?:?]
at sun.security.ssl.Handshaker$1.run(Handshaker.java:966) ~[?:?]
at sun.security.ssl.Handshaker$1.run(Handshaker.java:963) ~[?:?]
at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_121]
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1416) ~[?:?]
at org.apache.http.nio.reactor.ssl.SSLIOSession.doRunTask(SSLIOSession.java:283) ~[?:?]
at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:353) ~[?:?]
… 9 more

  • Other installed Elasticsearch or Kibana plugins, if any

sg_config.yml (9.4 KB)

elasticsearch.yml (3.98 KB)

this is likely related to https://github.com/floragunncom/search-guard-ssl/issues/76

···

Am 23.05.2018 um 18:31 schrieb Daniel Camara <danielcamara@gmail.com>:

Hi I am trying to restore an index from one machine to another, with reindex, the problem is that I am having an error that I imagine is linked to search guard.

The source is the machine 128.95.36.46 and the target is 128.95.36.12. I tried to find how to do it, but I admit I didn' t find some step by step guide. I imagine that I should pass the login and password some how, and I am pretty sure is this the problem. The thing is that i don' t know how!

when I try this in Kibaana over the machine 128.95.36.46

POST _reindex
{
  "source": {
    "remote": {
      "host": "https://128.95.36.12:9200"
    },
    "index": "test1",
    "size": 10
  },
  "dest": {
    "index": "test1"
  }
}

I receive the following answer:

{
  "error": {
    "root_cause": [
      {
        "type": "s_s_l_handshake_exception",
        "reason": "General SSLEngine problem"
      }
    ],
    "type": "s_s_l_handshake_exception",
    "reason": "General SSLEngine problem",
    "caused_by": {
      "type": "s_s_l_handshake_exception",
      "reason": "General SSLEngine problem",
      "caused_by": {
        "type": "validator_exception",
        "reason": "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target",
        "caused_by": {
          "type": "sun_cert_path_builder_exception",
          "reason": "unable to find valid certification path to requested target"
        }
      }
    }
  },
  "status": 500
}

The configuration of the whitelist is reindex.remote.whitelist: 128.95.36.46:9200 in one machine and reindex.remote.whitelist: 128.95.36.12:9200 on the other, is the only thing that changes on the elasticsearc.yml from the two servers. The config files are in attachment to the message.

Thank you for any help :slight_smile:

-- Daniel

When asking questions, please provide the following information:

* Search Guard and Elasticsearch version : 6.2.2
* Installed and used enterprise modules: No
* JVM version and operating system version: 1.8.0_162 HotSpot
* Search Guard configuration files

* Elasticsearch log messages on debug level

[2018-05-23T18:05:18,318][WARN ][r.suppressed ] path: /_reindex, params: {}
javax.net.ssl.SSLHandshakeException: General SSLEngine problem
    at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1478) ~[?:?]
    at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535) ~[?:?]
    at sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1214) ~[?:?]
    at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1186) ~[?:?]
    at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469) ~[?:1.8.0_121]
    at org.apache.http.nio.reactor.ssl.SSLIOSession.doWrap(SSLIOSession.java:265) ~[?:?]
    at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:305) ~[?:?]
    at org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:509) ~[?:?]
    at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:120) ~[?:?]
    at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:162) ~[?:?]
    at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:337) ~[?:?]
    at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:315) ~[?:?]
    at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:276) ~[?:?]
    at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:104) ~[?:?]
    at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:588) ~[?:?]
    at java.lang.Thread.run(Thread.java:745) [?:1.8.0_121]
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[?:?]
    at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1728) ~[?:?]
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:304) ~[?:?]
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) ~[?:?]
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514) ~[?:?]
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) ~[?:?]
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026) ~[?:?]
    at sun.security.ssl.Handshaker$1.run(Handshaker.java:966) ~[?:?]
    at sun.security.ssl.Handshaker$1.run(Handshaker.java:963) ~[?:?]
    at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_121]
    at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1416) ~[?:?]
    at org.apache.http.nio.reactor.ssl.SSLIOSession.doRunTask(SSLIOSession.java:283) ~[?:?]
    at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:353) ~[?:?]
    ... 9 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387) ~[?:?]
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) ~[?:?]
    at sun.security.validator.Validator.validate(Validator.java:260) ~[?:?]
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) ~[?:?]
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281) ~[?:?]
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136) ~[?:?]
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1501) ~[?:?]
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) ~[?:?]
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026) ~[?:?]
    at sun.security.ssl.Handshaker$1.run(Handshaker.java:966) ~[?:?]
    at sun.security.ssl.Handshaker$1.run(Handshaker.java:963) ~[?:?]
    at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_121]
    at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1416) ~[?:?]
    at org.apache.http.nio.reactor.ssl.SSLIOSession.doRunTask(SSLIOSession.java:283) ~[?:?]
    at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:353) ~[?:?]
    ... 9 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?]
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?]
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) ~[?:1.8.0_121]
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382) ~[?:?]
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) ~[?:?]
    at sun.security.validator.Validator.validate(Validator.java:260) ~[?:?]
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) ~[?:?]
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281) ~[?:?]
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136) ~[?:?]
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1501) ~[?:?]
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) ~[?:?]
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026) ~[?:?]
    at sun.security.ssl.Handshaker$1.run(Handshaker.java:966) ~[?:?]
    at sun.security.ssl.Handshaker$1.run(Handshaker.java:963) ~[?:?]
    at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_121]
    at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1416) ~[?:?]
    at org.apache.http.nio.reactor.ssl.SSLIOSession.doRunTask(SSLIOSession.java:283) ~[?:?]
    at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:353) ~[?:?]
    ... 9 more

* Other installed Elasticsearch or Kibana plugins, if any

--
You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/e581701d-0450-4fd2-88c7-e4373c264001%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
<sg_config.yml><elasticsearch.yml>

So just to clarify, this is related to an Elastissearch bug. We raised an issue in the ES repo:

···

On Thursday, May 24, 2018 at 10:06:22 PM UTC+2, Search Guard wrote:

this is likely related to https://github.com/floragunncom/search-guard-ssl/issues/76

Am 23.05.2018 um 18:31 schrieb Daniel Camara danielcamara@gmail.com:

Hi I am trying to restore an index from one machine to another, with reindex, the problem is that I am having an error that I imagine is linked to search guard.

The source is the machine 128.95.36.46 and the target is 128.95.36.12. I tried to find how to do it, but I admit I didn’ t find some step by step guide. I imagine that I should pass the login and password some how, and I am pretty sure is this the problem. The thing is that i don’ t know how!

when I try this in Kibaana over the machine 128.95.36.46

POST _reindex

{

“source”: {

"remote": {
  "host": "[https://128.95.36.12:9200](https://128.95.36.12:9200)"
},
"index": "test1",
"size": 10

},

“dest”: {

"index": "test1"

}

}

I receive the following answer:

{

“error”: {

"root_cause": [
  {
    "type": "s_s_l_handshake_exception",
    "reason": "General SSLEngine problem"
  }
],
"type": "s_s_l_handshake_exception",
"reason": "General SSLEngine problem",
"caused_by": {
  "type": "s_s_l_handshake_exception",
  "reason": "General SSLEngine problem",
  "caused_by": {
    "type": "validator_exception",
    "reason": "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target",
    "caused_by": {
      "type": "sun_cert_path_builder_exception",
      "reason": "unable to find valid certification path to requested target"
    }
  }
}

},

“status”: 500

}

The configuration of the whitelist is reindex.remote.whitelist: 128.95.36.46:9200 in one machine and reindex.remote.whitelist: 128.95.36.12:9200 on the other, is the only thing that changes on the elasticsearc.yml from the two servers. The config files are in attachment to the message.

Thank you for any help :slight_smile:

– Daniel

When asking questions, please provide the following information:

  • Search Guard and Elasticsearch version : 6.2.2
  • Installed and used enterprise modules: No
  • JVM version and operating system version: 1.8.0_162 HotSpot
  • Search Guard configuration files
  • Elasticsearch log messages on debug level

[2018-05-23T18:05:18,318][WARN ][r.suppressed ] path: /_reindex, params: {}

javax.net.ssl.SSLHandshakeException: General SSLEngine problem

at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1478) ~[?:?]
at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535) ~[?:?]
at sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1214) ~[?:?]
at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1186) ~[?:?]
at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469) ~[?:1.8.0_121]
at org.apache.http.nio.reactor.ssl.SSLIOSession.doWrap(SSLIOSession.java:265) ~[?:?]
at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:305) ~[?:?]
at org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:509) ~[?:?]
at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:120) ~[?:?]
at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:162) ~[?:?]
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:337) ~[?:?]
at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:315) ~[?:?]
at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:276) ~[?:?]
at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:104) ~[?:?]
at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:588) ~[?:?]
at java.lang.Thread.run(Thread.java:745) [?:1.8.0_121]

Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem

at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[?:?]
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1728) ~[?:?]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:304) ~[?:?]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) ~[?:?]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514) ~[?:?]
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) ~[?:?]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026) ~[?:?]
at sun.security.ssl.Handshaker$1.run(Handshaker.java:966) ~[?:?]
at sun.security.ssl.Handshaker$1.run(Handshaker.java:963) ~[?:?]
at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_121]
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1416) ~[?:?]
at org.apache.http.nio.reactor.ssl.SSLIOSession.doRunTask(SSLIOSession.java:283) ~[?:?]
at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:353) ~[?:?]
... 9 more

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387) ~[?:?]
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) ~[?:?]
at sun.security.validator.Validator.validate(Validator.java:260) ~[?:?]
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) ~[?:?]
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281) ~[?:?]
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136) ~[?:?]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1501) ~[?:?]
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) ~[?:?]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026) ~[?:?]
at sun.security.ssl.Handshaker$1.run(Handshaker.java:966) ~[?:?]
at sun.security.ssl.Handshaker$1.run(Handshaker.java:963) ~[?:?]
at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_121]
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1416) ~[?:?]
at org.apache.http.nio.reactor.ssl.SSLIOSession.doRunTask(SSLIOSession.java:283) ~[?:?]
at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:353) ~[?:?]
... 9 more

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[?:?]
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[?:?]
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) ~[?:1.8.0_121]
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382) ~[?:?]
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292) ~[?:?]
at sun.security.validator.Validator.validate(Validator.java:260) ~[?:?]
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) ~[?:?]
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281) ~[?:?]
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136) ~[?:?]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1501) ~[?:?]
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) ~[?:?]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026) ~[?:?]
at sun.security.ssl.Handshaker$1.run(Handshaker.java:966) ~[?:?]
at sun.security.ssl.Handshaker$1.run(Handshaker.java:963) ~[?:?]
at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_121]
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1416) ~[?:?]
at org.apache.http.nio.reactor.ssl.SSLIOSession.doRunTask(SSLIOSession.java:283) ~[?:?]
at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:353) ~[?:?]
... 9 more
  • Other installed Elasticsearch or Kibana plugins, if any


You received this message because you are subscribed to the Google Groups “Search Guard Community Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.

To post to this group, send email to search-guard@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/e581701d-0450-4fd2-88c7-e4373c264001%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

<sg_config.yml><elasticsearch.yml>