TLS CLIENT ALERT: Fatal - Unknown CA

Question

TLS CLIENT ALERT: Fatal - Unknown CA

Closed this issue 5 months ago · 2 comments

Sadique-The-Alchemist commented 8 months ago

mix elasticsearch.build posts --cluster Elastic.ElasticsearchCluster responds
** (Mix) Index posts could not be created.

%HTTPoison.Error{reason: {:tls_alert, {:unknown_ca, 'TLS client: In state wait_cert_cr at ssl_handshake.erl:2109 generated CLIENT ALERT: Fatal - Unknown CA\n'}}, id: nil}

Answer 1 · 2023-12-25T08:00:36.000Z

I installed Elastic Search through Docker and it's initial REST API call to ensure Elastic Search properly installed was
curl --cacert http_ca.crt -u elastic:$ELASTIC_PASSWORD https://localhost:9200 .
The mix elasticsearch.build command does not support --cacert as option

Answer 2 · 2024-01-18T02:08:29.000Z

If you're using OTP26 - https://www.erlang.org/blog/otp-26-highlights/#ssl-safer-defaults
Try this in your config:

config :my_app, MyApp.Elasticsearch.Cluster,
  enabled: false,
  default_options: [
    ssl: [{:verify, :verify_none}] #<=== this line
  ],
  api: Elasticsearch.API.HTTP,
  json_library: Jason

I followed the docker compose file setup for cluster, and this seems to work.