Wazuh indexer error. SSL connection


Bitemir Myrzash

Jun 4, 2025, 6:46:24 AM
to Wazuh | Mailing List
Hello! I have a problem with the Wazuh SSL connection.
Wazuh indexer
[2025-06-04T10:32:53,245][ERROR][o.o.h.n.s.SecureNetty4HttpServerTransport] [node-1] Exception during establishing a SSL connection: javax.net.ssl.SSLHandshakeException: Received fatal alert: unknown_ca
[2025-06-04T10:38:20,747][ERROR][o.o.h.n.s.SecureNetty4HttpServerTransport] [node-1] Exception during establishing a SSL connection: javax.net.ssl.SSLHandshakeException: Received fatal alert: unknown_ca

Indexer
[2025-06-04T15:19:12,816][ERROR][i.n.u.c.D.rejectedExecution] [node-1] Failed to submit a listener notification task. Event loop shut down?
[2025-06-04T15:21:40,769][ERROR][o.o.s.a.s.SinkProvider   ] [node-1] Default endpoint could not be created, auditlog will not work properly.
[2025-06-04T15:22:26,331][ERROR][o.o.s.a.BackendRegistry  ] [node-1] Not yet initialized (you may need to run securityadmin)
[2025-06-04T15:22:26,333][ERROR][o.o.s.a.BackendRegistry  ] [node-1] Not yet initialized (you may need to run securityadmin)

Please help, I have not been able to solve this for a long time.


Md. Nazmur Sakib

Jun 4, 2025, 8:04:56 AM
to Wazuh | Mailing List

Hi Bitemir,

What is the version of your Wazuh indexer?

There was a bug related to this error, which was resolved in 4.9.1.

https://github.com/wazuh/wazuh-indexer/issues/427



Is your indexer service up and running?

systemctl status wazuh-indexer

If the indexer is up and running, share the output of this command.

filebeat test output

To validate the indexer certificate, you could check this command.

curl -u admin:<admin_pass> --cacert <path.pem> --cert <path-client.pem> --key <path-client-key.pem> -X GET "https://<IP>:9200/_cluster/health"

Can you check if you have all five certificates in this folder?


The right permission and ownership will be this:

chmod 500 /etc/wazuh-indexer/certs

chmod 400 /etc/wazuh-indexer/certs/*

chown -R wazuh-indexer:wazuh-indexer /etc/wazuh-indexer/certs


Next, check the indexer config file to see if you have the right certificate name.


/etc/wazuh-indexer/opensearch.yml




If you still face this issue, share the output of these commands


ll /etc/wazuh-indexer/certs


cat /etc/wazuh-indexer/opensearch.yml
openssl x509 -in /etc/wazuh-indexer/certs/root-ca.pem -text -noout

Looking forward to your update on the issue.
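
The certificate checks from the reply above can also be run locally. This is an added example, not part of the original thread and not Wazuh tooling: it verifies that each certificate in a directory is signed by the given root CA (a certificate whose issuer the peer cannot match to a trusted CA is what produces an unknown_ca alert) and that it matches its private key. The function name `check_certs` and the `<name>-key.pem` naming are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). Assumptions: PEM files, and each private
# key is stored as <name>-key.pem next to its certificate <name>.pem.
# Usage: check_certs /etc/wazuh-indexer/certs /etc/wazuh-indexer/certs/root-ca.pem

check_certs() {
  local dir="$1" ca="$2" rc=0 cert key name cert_pub key_pub
  for cert in "$dir"/*.pem; do
    [ -e "$cert" ] || continue                   # directory has no .pem files
    case "$cert" in *-key.pem) continue ;; esac  # keys are checked with their cert
    [ "$cert" = "$ca" ] && continue              # skip the trust anchor itself
    name=$(basename "$cert" .pem)

    # 1. Chain and validity period: the certificate must verify against the
    #    root CA that connecting clients are configured to trust.
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
      echo "FAIL $name: does not verify against $ca (wrong issuer or expired)"
      rc=1
      continue
    fi

    # 2. Key pair: the public key in the certificate must equal the public key
    #    derived from the private key file, if one is present and readable.
    key="$dir/$name-key.pem"
    if [ -r "$key" ]; then
      cert_pub=$(openssl x509 -in "$cert" -noout -pubkey)
      key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
      if [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL $name: certificate does not match $key"
        rc=1
        continue
      fi
    fi
    echo "OK $name"
  done
  return "$rc"
}
```

Run it as a user that can read the key files; a non-zero return status means at least one certificate failed a check.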


Bitemir Myrzash

Jun 5, 2025, 3:36:28 AM
to Wazuh | Mailing List
Version: 4.10.1
all-in-one
Indexer shards are okay (green)
wazuh-indexer /etc/wazuh-indexer/certs

Everything is okay; the MD5 hash and chmod are okay.

{
  "cluster_name" : "wazuh-indexer-cluster",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 1,
  "number_of_data_nodes" : 1,
  "discovered_master" : true,
  "discovered_cluster_manager" : true,
  "active_primary_shards" : 700,
  "active_shards" : 700,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 100.0
}



Wednesday, June 4, 2025 at 17:04:56 UTC+5, Md. Nazmur Sakib:

Md. Nazmur Sakib

Jun 16, 2025, 1:51:56 AM
to Wazuh | Mailing List

Sorry for the late response. I was on holiday.

Are you still facing this issue?

If you are getting the cluster health results with this command, then your indexer certificates are fine.



curl -u admin:<admin_pass> --cacert <path.pem> --cert <path-client.pem> --key <path-client-key.pem> -X GET "https://<IP>:9200/_cluster/health"

Run the Wazuh indexer indexer-security-init.sh script to load the certificate information again and start the cluster.


/usr/share/wazuh-indexer/bin/indexer-security-init.sh

If you still face issues, please let me know which service is interrupted by the certificates.

Share the output of this command to see the details of the certificates.


openssl x509 -in /etc/wazuh-indexer/certs/root-ca.pem -text -noout


Looking forward to your update on the issue.