Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How to connect to a Cloud hosted Elasticsearch instance that uses SSL #1612

Closed
samhagin opened this issue Jan 18, 2022 · 2 comments
Closed

How to connect to a Cloud hosted Elasticsearch instance that uses SSL #1612

samhagin opened this issue Jan 18, 2022 · 2 comments

Comments

@samhagin
Copy link

samhagin commented Jan 18, 2022
edited

馃挰 Questions and Help

I'm using the following code to connect to a Cloud-hosted Elasticsearch instance and it works fine without SSL.

Non-SSL code

var fs = require('fs')
var elasticsearch = require('elasticsearch')

const client = elasticsearch.Client({
    host: "http://username:password@cloudhostedes.com:9200",
})

client.ping({
    requestTimeout: 5000
}, function(error) {
    if (error) {
        console.trace('Error:', error);
    } else {
        console.log('Connected!');
    }
    // on finish
    client.close();
});

But fails with SSL since the new Node.js driver version requires SSL verification. I'm using version 16.7.2 of the driver.

SSL code

var fs = require('fs')
var elasticsearch = require('elasticsearch')

const client = elasticsearch.Client({
    host: "https://username:password@cloudhostedes.com:9201",
    ssl: {
         ca: fs.readFileSync('./cert.pfx'),
         rejectUnauthorized: true
    }
})

client.ping({
    requestTimeout: 5000
}, function(error) {
    if (error) {
        console.trace('Error:', error);
    } else {
        console.log('Connected!');
    }
    // on finish
    client.close();
});

Error

node:internal/tls/secure-context:278
      context.loadPKCS12(toBuf(pfx));
              ^

Error: Unable to load PFX certificate
    at configSecureContext (node:internal/tls/secure-context:278:15)
    at Object.createSecureContext (node:_tls_common:116:3)
    at Object.connect (node:_tls_wrap:1621:48)
    at HttpsAgent.createConnection (node:https:143:22)
    at HttpsAgent.createSocket (/scripts/node_modules/agentkeepalive/lib/_http_agent.js:265:26)
    at HttpsAgent.createSocket (/scripts/node_modules/agentkeepalive/lib/agent.js:77:11)
    at HttpsAgent.addRequest (/scripts/node_modules/agentkeepalive/lib/_http_agent.js:239:10)
    at new ClientRequest (node:_http_client:305:16)
    at Object.request (node:https:353:10)
    at HttpConnector.request (/scripts/node_modules/elasticsearch/src/lib/connectors/http.js:182:23) {
  code: 'ERR_CRYPTO_OPERATION_FAILED'
}

What is the fix for this? Am I using the correct certificate? The pfx file is from the hosting provider and it is a combination of the cert and the private key. I'd prefer to connect with SSL and not have to change rejectUnauthorized to false.

Thanks
@delvedor
Copy link
Member

Hello! You are using the legacy client, which is no longer supported. I strongly recommend migrating to the new one. You can find here additional information.

Regarding the error you are getting, it's thrown by Node.js itself, the client is passing the SSL options directly to node.

@fholzer
Copy link

fholzer commented Nov 29, 2022

Anyone else encountering Error: Unable to load PFX certificate regardless of whether they use a Cloud hosted ES cluster on not, see nodejs/node#36292 (comment)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@fholzer @delvedor @samhagin