Unable to find valid certification path to requested target

Search Guard
1

ssl certificate was expired. so that
upgrading ssl certificate in search guard. Generated keystore and truststore file configured the elasticsearch.yml. after start the elastic search certificate was updated in browser and below error was showing. actually three node now i added master node certificate alone. how can i processed next step
how can i overcome the existing ssl certificate in search guard any other way.

Search Guard not initialized (SG11). See https://github.com/floragunncom/search-guard-docs/blob/master/sgadmin.md

checking elastic search log below error:
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem

  • at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[?:?]*
  • at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1728) ~[?:?]*
  • at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:304) ~[?:?]*
  • at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) ~[?:?]*
  • at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509) ~[?:?]*
  • at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) ~[?:?]*
  • at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979) ~[?:?]*
  • at sun.security.ssl.Handshaker$1.run(Handshaker.java:919) ~[?:?]*
  • at sun.security.ssl.Handshaker$1.run(Handshaker.java:916) ~[?:?]*
  • at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_101]*
  • at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1369) ~[?:?]*
  • at io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1295) ~[?:?]*
  • at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1208) ~[?:?]*
  • … 18 more*
    Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  • at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387) ~[?:?]*
3

How exactly did you create the new certificates?

We recommend either our TLSTool. See here for all full example https://gist.github.com/floragunncom/11afce28a77219db92f2d76bb5a0b803

Or use the Online TLS Certificate Generator

4

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.