Http client did not trust this server s certificate closing connection – How to solve this Elasticsearch error

Opster Team

Aug-23, Version: 6.8-8.9

Before you dig into reading this guide, have you tried asking OpsGPT what this log means? You’ll receive a customized analysis of your log.

Try OpsGPT now for step-by-step guidance and tailored insights into your Elasticsearch operation.

Briefly, this error occurs when the Elasticsearch HTTP client cannot verify the SSL/TLS certificate of the server it’s trying to connect to. This could be due to an expired certificate, a self-signed certificate, or a certificate from an untrusted source. To resolve this issue, you can: 1) Update the server’s certificate with a valid one from a trusted Certificate Authority. 2) If using a self-signed certificate, ensure it’s properly imported into the client’s truststore. 3) Check the client’s SSL/TLS configuration to ensure it’s set to trust the server’s certificate.

For a complete solution to your to your search operation, try for free AutoOps for Elasticsearch & OpenSearch . With AutoOps and Opster’s proactive support, you don’t have to worry about your search operation – we take charge of it. Get improved performance & stability with less hardware.

This guide will help you check for common problems that cause the log ” http client did not trust this server’s certificate; closing connection {} ” to appear. To understand the issues related to this log, read the explanation below about the following Elasticsearch concepts: client.

Log Context

Log “http client did not trust this server’s certificate; closing connection {}” classname is Netty4HttpServerTransport.java.
We extracted the following from Elasticsearch source code for those seeking an in-depth context :

            CloseableChannel.closeChannel(channel);
        } else if (SSLExceptionHelper.isInsufficientBufferRemainingException(cause)) {
            logger.debug("connection {} closed abruptly"; channel);
            CloseableChannel.closeChannel(channel);
        } else if (SSLExceptionHelper.isReceivedCertificateUnknownException(cause)) {
            logger.warn("http client did not trust this server's certificate; closing connection {}"; channel);
            CloseableChannel.closeChannel(channel);
        } else if (cause instanceof ReadTimeoutException) {
            super.onException(channel; new HttpReadTimeoutException(readTimeoutMillis; cause));
        } else {
            super.onException(channel; cause);

 

How helpful was this guide?

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?