http client did not trust this server‘s certificate, closing connection Netty4HttpChannel

最新推荐文章于 2024-07-19 17:15:28 发布
最新推荐文章于 2024-07-19 17:15:28 发布
阅读量957 收藏 18
点赞数 16
分类专栏: es 大数据 文章标签: http 网络 服务器
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/u011250186/article/details/139778267
版权
大数据 同时被 2 个专栏收录
590 篇文章 28 订阅
订阅专栏
es
55 篇文章 4 订阅
订阅专栏

logstach写入es报错:

logstach 端报错:

[WARN ] 2024-06-18 16:54:19.159 [Ruby-0-Thread-5: :1] elasticsearch - Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"https://elastic:xxxxxx@39.134.86.100:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [https://elastic:xxxxxx@39.134.86.100:9200/][Manticore::ClientProtocolException] PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed"}
[WARN ] 2024-06-18 16:54:19.166 [Ruby-0-Thread-7: :1] elasticsearch - Attempted to resurrect connection to dead ES instance, but got an error. {:url=>"https://elastic:xxxxxx@39.134.86.100:9200/", :error_type=>LogStash::Outputs::ElasticSearch::HttpClient::Pool::HostUnreachableError, :error=>"Elasticsearch Unreachable: [https://elastic:xxxxxx@39.134.86.100:9200/][Manticore::ClientProtocolException] PKIX path validation failed: java.security.cert.CertPathValidatorException: validity check failed"}
 

es日志报错:

[2024-06-18T16:52:18,943][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [node-68] http client did not trust this server's certificate, closing connection Netty4HttpChannel{localAddress=/39.134.86.100:9200, remoteAddress=/39.134.86.100:37824}
[2024-06-18T16:52:18,944][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [node-68] http client did not trust this server's certificate, closing connection Netty4HttpChannel{localAddress=/39.134.86.100:9200, remoteAddress=/39.134.86.100:37828}
[2024-06-18T16:52:23,950][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [node-68] http client did not trust this server's certificate, closing connection Netty4HttpChannel{localAddress=/39.134.86.100:9200, remoteAddress=/39.134.86.100:37862}
[2024-06-18T16:52:23,950][WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [node-68] http client did not trust this server's certificate, closing connection Netty4HttpChannel{localAddress=/39.134.86.100:9200, remoteAddress=/39.134.86.100:37864}

解决参考: 

elasticsearch - Enabling TLS/SSL in elastic and logstash 7.1.0 - Stack Overflow

Enabling TLS/SSL in elastic and logstash 7.1.0

I am trying to connect logstash to elasticsearch-7.1.0 which has TLS/SSL enabled using basic license. But every time when logstash tries to connect to the elastic, "http client did not trust this server's certificate, closing connection Netty4HttpChannel" warning is thrown by elastic.

I have generated certificates using both certutil and certgen but i think both the certificates does not have the trusted author. how to generate a certificate with trusted author? Or it might be the scenario that in basic license version elasticsearch-7.1.0 can we use TLS/SSL for logstash?

My elasticsearch.yml 
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate 
xpack.security.transport.ssl.key: path/to/the/key/ca.key
xpack.security.transport.ssl.certificate: path/to/the/cert/ca.crt
xpack.security.transport.ssl.certificate_authorities: [ 
"path/to/the/cert/ca.crt" ]

xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: certs/elastic-certificate 
xpack.security.http.ssl.truststore.path: certs/elastic-certificate
xpack.security.http.ssl.verification_mode: certificate
My logstash.yml
xpack.monitoring.enabled: false
xpack.monitoring.elasticsearch.username: logstash_system
xpack.monitoring.elasticsearch.password: changeit
xpack.monitoring.elasticsearch.hosts: ["https://localhost:9200"]

xpack.monitoring.elasticsearch.ssl.truststore.path:certs/elastic- 
certificate
xpack.monitoring.elasticsearch.ssl.truststore.password: password
xpack.monitoring.elasticsearch.ssl.keystore.path:certs/elastic- 
certificate
xpack.monitoring.elasticsearch.ssl.keystore.password: password
xpack.monitoring.elasticsearch.ssl.verification_mode: certificate

the warning i am getting is --" http client did not trust this server's certificate, closing connection Netty4HttpChannel"

Try to add ssl_certificate_verification => false or path to CA cert cacert => '/etc/elasticsearch/ca/key.pem' into logstash configuration:

output {
  elasticsearch {
    hosts => ["http://localhost:9200"]
    ssl => true

    ssl_certificate_verification => false
    #or
    cacert => '/etc/elasticsearch/ca/key.pem'
    }
}

zxfBdd
关注
  • 16
    点赞
  • 18
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
linux-jdl.7z
06-11
2. 将解压后的目录移动到一个系统路径下,比如`/usr/lib/jvm`,并创建符号链接,如`sudo ln -s /path/to/jdk1.8.0_191 /usr/lib/jvm/java-8-oracle`。 3. 更新系统环境变量,例如在`~/.bashrc`或`~/.bash_profile`中...
client did not trust this server‘s certificate, closing connection Netty4TcpChannel{localAddress=
u011250186的博客
06-20 66
client did not trust this server's certificate, closing connection Netty4TcpChannel{localAddress=
server_v1.0.rar_The Client
09-23
4. **连接接受(Accepting Connections)**:当有客户端尝试连接时,`accept()`函数会返回一个新的套接字用于与客户端通信,而原始套接字继续监听新的连接。 5. **数据交换(Data Transfer)**:服务器使用`read()`...
Introducing the SAP Financial Closing Cockpit for SAP S4HANA.zip
06-01
sap press doc 解压密码:abap_developer
KEYNOTE 4 (CLOSING) - Barry Greene - Can Vendors Ever Provide Se
10-25
【标题】"KEYNOTE 4 (CLOSING) - Barry Greene - Can Vendors Ever Provide Secure Solutions-" 是一个会议或活动的闭幕主题演讲,由Barry Greene主讲,讨论的核心议题是供应商是否能够提供安全解决方案。...
server_socket.zip_Server_Socket co_gateway
09-22
在IT行业中,网络通信是至关重要的一个领域,而Server Socket是实现网络通信的关键组件。"server_socket.zip_Server_Socket co_gateway"这个压缩包文件显然包含了关于如何使用Server Socket的Delphi编程示例代码,该...
ES8 打印DSL
u011250186的博客
10-20 1440
ES8 打印DSL
查看es p12证书文件过期方法
u011250186的博客
06-24 420
查看es p12证书文件过期方法
HTTP状态码(HTTP Status Code)讲解
x15514104477的博客
07-19 334
http状态码的详细讲解,方便在用的时候快速找到
https和http区别
qq_39495959的博客
07-18 1326
HTTP信息是明文传输,而HTTPS则通过SSL/TLS协议进行加密传输,确保数据传输的安全性。HTTPS可以验证服务器身份,防止中间人攻击,保护数据的完整性和保密性。HTTPS是在HTTP基础上加入SSL构建的,支持加密传输和身份认证。由于HTTPS在传输层增加了加密处理,页面加载速度可能会比HTTP慢,且对服务器资源消耗更大。HTTPS需要向CA(证书颁发机构)申请证书,这通常涉及一定的费用,而HTTP不需要。HTTPS的URL以"https://“开头,而HTTP则是"http://”。
GO语言用http包发送带json文本body的GET请求
星瀚
07-17 432
/ 将请求数据序列化为JSON。// 创建HTTP请求。
【音视频 | HTTP协议】HTTP协议详细介绍(HTTP方法、报文格式、报文头部字段、状态码)
wkd_007的博客
07-18 861
本文注意介绍HTTP协议,介绍了HTTP常用的方法、HTTP协议的报文格式、常见的报文头部字段、常见的状态码。
网络通信」HTTP 协议
Ice_Sugar_7的博客
07-14 1237
HTTP 协议全称为超文本传输协议,超文本比文本更加强大,它不仅包含字符串,还可以携带一些图片、特殊格式等HTTP 最主要的应用场景就是网站。浏览器和服务器、客户端和服务器之间传输数据的协议,很可能就是 HTTP
【用户投稿】使用 SeaTunnel 进行 HTTP 同步到 Doris 实战经验分享
weixin_54625990的博客
07-18 512
由于我司的项目中需要接入不同的数据源的数据到数仓中,在选择了众多的产品中最后选择了Apache SeaTunnel,上面的source配置的schema中的id,接口返回的实际类型是字符串类型,但是是雪花算法的全数字类型,所以使用。目前我这边使用的接口,暂时没有接口认证,如果需要接口认证的方式接入数据,再做讨论及测试。的区别就在于job执行的环境不同,conf使用的是。使用的id作为主键,Doris要求主键列类型。话不多说,先贴最终的运行文件,由于我使用的。以上是我的一些经验分享,希望对大家有帮助!
代理伺服器分類詳解
ecommerce_Amazon的博客
07-19 426
代理伺服器分類詳解。
比较RMI、HTTP+JSON/XML、gRPC
在那一刻,我们或许会发现自己站在了时间的另一岸,以更加成熟和宽广的胸怀,去拥抱那份隔代相传的深情。
07-16 1070
RMI是Java特有的远程调用机制,允许运行在一个Java虚拟机上的对象调用运行在另一个Java虚拟机上的对象的方法。RMI使用Java远程消息交换协议JRMP(Java Remote Messaging Protocol)进行通信。
我去,怎么http全变https了
最新发布
qq_17105113的博客
07-19 2981
HTTP的。
received plaintext http traffic on an https channel, closing connection Netty4HttpChannel{localAddress=/[0:0:0:0:0:0:0:1]:9200
04-03
As an AI language model, I cannot provide a specific solution to this issue as it requires more context and details. However, this error message suggests that there was an attempt to send plain text HTTP traffic over an HTTPS channel, which is not allowed. This could be due to a misconfigured client or server, or a possible security breach. The connection was closed to prevent any further communication. It is recommended to investigate and fix the underlying issue to ensure secure communication.

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值