SSL Certificate Issue: certificate verify failed: self-signed certificate in certificate chain

Hihi, I have been having an issue trying to connect my SharePoint connector 2016 to Elastic. My Elastic and Kibana are both running locally on Windows, while I am trying to run my connector in WSL-Ubuntu. I have no issue running curl -v https://localhost:9200 and it gives me the results here:

But when I try to run the connection using the command make run, it gives me an error:

Not sure what the real problem is here. I have tried to copy the cert from my local machine to Ubuntu following this thread: SSL: CERTIFICATE_VERIFY_FAILED certificate verify failed : self signed certificate in certificate chain (_ssl.c:992)

I have also tried use_ssl: False and verify_certs: False.

Here are the versions I use:

Connector source : https://github.com/elastic/connectors

ElasticSearch: 8.12.2

Kibana: 8.12.2

WSL: 2.1.5.0

WSL Distro: Ubuntu

elasticsearch.yml

# Enable security features
xpack.security.enabled: true

xpack.security.enrollment.enabled: true

# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12

# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12

connector config.yml

connectors:
-
  connector_id: "adrl8o0BJBmtFMDNEQQR"
  service_type: "sharepoint_server"
  api_key: "OVNnUFVJNEJHS3dvQy1XdVFEWFQ6NFZsWU5tc21ScHl4OXVLYzVzM0Z5dw=="
elasticsearch:
  host: "https://localhost:9200"
  api_key: "OVNnUFVJNEJHS3dvQy1XdVFEWFQ6NFZsWU5tc21ScHl4OXVLYzVzM0Z5dw=="
There is 1 answer

Piohen

Are you sure that for the first command exactly curl -v https://localhost:9200 was used, not e.g. curl -v --insecure -u "elastic:changeme" https://localhost:9200?

I don't know the client technology used here, but whenever there's a secure connection with a self-signed certificate used, the certificate has to be either trusted or ignored by the client application.

In the case of curl this is exactly what --insecure or -k is doing: using HTTPS regardless of the issuer of the certificate.

For the record: the client can't say "don't use a secure connection" if the server requires one, hence telling the client use_ssl: false won't make things work, unless SSL is disabled at the server too (not recommended).

For production usage it may make sense to switch to a trusted certificate. Or, if self-signed is to be used, to make this CA trusted, e.g. by exporting it and then using it with elasticsearch.ca_certs.
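The trust failure described in the answer, reproduced offline as an added example (not part of the original post or of the connectors project). It assumes the openssl CLI with its default configuration; the CA and localhost certificate are constructed stand-ins for the node's real files, and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Constructed test chain: a private CA plus a "localhost" certificate signed
# by it, the same shape of chain a node with a self-generated CA presents.
make_chain() {
  local d="$1"
  # Self-signed CA (the default openssl.cnf marks req -x509 output as a CA).
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Example Private CA" \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
  # Server key and signing request for localhost.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=localhost" \
    -keyout "$d/http.key" -out "$d/http.csr" 2>/dev/null
  # Server certificate issued by the private CA.
  openssl x509 -req -in "$d/http.csr" -days 1 \
    -CA "$d/ca.crt" -CAkey "$d/ca.key" -CAcreateserial \
    -out "$d/http.crt" 2>/dev/null
}

# Client view before the fix: the CA arrives in the chain (-untrusted) but is
# not a trust anchor, so validation fails with error 19, the message in the
# question title.
verify_without_trust() {
  openssl verify -untrusted "$1/ca.crt" "$1/http.crt" 2>&1
}

# Client view after the fix: the exported CA is named as the trust anchor,
# which is the role elasticsearch.ca_certs plays in the connector config.
verify_with_ca() {
  openssl verify -CAfile "$1/ca.crt" "$1/http.crt" 2>&1
}

demo_dir=$(mktemp -d)
make_chain "$demo_dir"
echo "--- CA not trusted ---"
verify_without_trust "$demo_dir" || true
echo "--- CA supplied as trust anchor ---"
verify_with_ca "$demo_dir"
rm -rf "$demo_dir"
```

Against the live node, the equivalent check is curl --cacert with the exported CA file and without --insecure; if that succeeds, pointing elasticsearch.ca_certs at the same file gives the connector the same trust anchor.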