2

I am trying to reindex from a remote server to my local es index. remote is a https host, I am getting SSL handshake exception as following error, please advise, thank you

{
  "source": {
    "remote": {
      "host": "https://otherhost:9200"
     },
    "index": "twitter",
    "query": {
      "match_all": {

      }
    }
  },
  "dest": {
    "index": "new_twitter"
  }
}

this is response:

{
    "error": {
        "root_cause": [
            {
                "type": "s_s_l_handshake_exception",
                "reason": "General SSLEngine problem"
            }
        ],
        "type": "s_s_l_handshake_exception",
        "reason": "General SSLEngine problem",
        "caused_by": {
            "type": "s_s_l_handshake_exception",
            "reason": "General SSLEngine problem",
            "caused_by": {
                "type": "validator_exception",
                "reason": "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target",
                "caused_by": {
                    "type": "sun_cert_path_builder_exception",
                    "reason": "unable to find valid certification path to requested target"
                }
            }
        }
    },
    "status": 500
}
Jamesjin
  • 371
  • 2
  • 6
  • 15
  • My guess is that you are either using some self-signed certificate on your server or that you provide an incomplete certificate chain. If your server is public try a check against [SSLLabs](https://www.ssllabs.com/ssltest/analyze.html). – Steffen Ullrich Jun 09 '18 at 10:10
  • May I ask you if you are able to do a request with Postman (for example) to `https://otherhost:9200/`? – Nikolay Vasiliev Jun 09 '18 at 16:30
  • Depending on what you are using to send the requests and what version of ES you are running, it is possible both have incompatible cipher suites. I've run into this issue when I was trying to use a client running older 128 bit SSL ciphers when trying to connect to a server that only accepted 256 bit ones. – ryanlutgen Jun 10 '18 at 07:16

0 Answers0