Http client did not trust this server s certificate closing connection – How to solve this Elasticsearch error

Opster Team

Aug-23, Version: 6.8-8.9

Briefly, this error occurs when the Elasticsearch HTTP client cannot verify the SSL/TLS certificate of the server it’s trying to connect to. This could be due to an expired certificate, a self-signed certificate, or a certificate from an untrusted source. To resolve this issue, you can: 1) Update the server’s certificate with a valid one from a trusted Certificate Authority. 2) If using a self-signed certificate, ensure it’s properly imported into the client’s truststore. 3) Check the client’s SSL/TLS configuration to ensure it’s set to trust the server’s certificate.

This guide will help you check for common problems that cause the log ” http client did not trust this server’s certificate; closing connection {} ” to appear. To understand the issues related to this log, read the explanation below about the following Elasticsearch concepts: client.

Log Context

Log “http client did not trust this server’s certificate; closing connection {}” classname is Netty4HttpServerTransport.java.
We extracted the following from Elasticsearch source code for those seeking an in-depth context :

            CloseableChannel.closeChannel(channel);
        } else if (SSLExceptionHelper.isInsufficientBufferRemainingException(cause)) {
            logger.debug("connection {} closed abruptly"; channel);
            CloseableChannel.closeChannel(channel);
        } else if (SSLExceptionHelper.isReceivedCertificateUnknownException(cause)) {
            logger.warn("http client did not trust this server's certificate; closing connection {}"; channel);
            CloseableChannel.closeChannel(channel);
        } else if (cause instanceof ReadTimeoutException) {
            super.onException(channel; new HttpReadTimeoutException(readTimeoutMillis; cause));
        } else {
            super.onException(channel; cause);

 

 [ratemypost]