Error: The client is unable to verify (solved)

[christianreiss]

Hey folks,

I am getting this error:

parsedmarc -c parsedmarc.ini 
/opt/dmarc/.local/lib/python3.6/site-packages/elasticsearch/connection/http_urllib3.py:211: UserWarning: Connecting to https://127.0.0.1:9200 using SSL with verify_certs=False is insecure.
  % self.host
 WARNING:base.py:294:GET https://127.0.0.1:9200/ [status:401 request:0.058s]
/opt/dmarc/.local/lib/python3.6/site-packages/elasticsearch_dsl/index.py:414: ElasticsearchWarning: The client is unable to verify that the server is Elasticsearch due security privileges on the server side
  return self._get_connection(using).indices.exists(index=self._name, **kwargs)
 WARNING:base.py:294:HEAD https://127.0.0.1:9200/dmarc_aggregate [status:401 request:0.002s]
Traceback (most recent call last):
  File "/opt/dmarc/.local/bin/parsedmarc", line 8, in <module>
    sys.exit(_main())
  File "/opt/dmarc/.local/lib/python3.6/site-packages/parsedmarc/cli.py", line 621, in _main
    forensic_indexes=[es_forensic_index])
  File "/opt/dmarc/.local/lib/python3.6/site-packages/parsedmarc/elastic.py", line 244, in migrate_indexes
    if not Index(aggregate_index_name).exists():
  File "/opt/dmarc/.local/lib/python3.6/site-packages/elasticsearch_dsl/index.py", line 414, in exists
    return self._get_connection(using).indices.exists(index=self._name, **kwargs)
  File "/opt/dmarc/.local/lib/python3.6/site-packages/elasticsearch/client/utils.py", line 347, in _wrapped
    return func(*args, params=params, headers=headers, **kwargs)
  File "/opt/dmarc/.local/lib/python3.6/site-packages/elasticsearch/client/indices.py", line 372, in exists
    "HEAD", _make_path(index), params=params, headers=headers
  File "/opt/dmarc/.local/lib/python3.6/site-packages/elasticsearch/transport.py", line 466, in perform_request
    raise e
  File "/opt/dmarc/.local/lib/python3.6/site-packages/elasticsearch/transport.py", line 434, in perform_request
    timeout=timeout,
  File "/opt/dmarc/.local/lib/python3.6/site-packages/elasticsearch/connection/http_urllib3.py", line 291, in perform_request
    self._raise_error(response.status, raw_data)
  File "/opt/dmarc/.local/lib/python3.6/site-packages/elasticsearch/connection/base.py", line 329, in _raise_error
    status_code, error_message, additional_info
elasticsearch.exceptions.AuthenticationException: AuthenticationException(401, '')

My config.ini:

[general]
save_aggregate = True
save_forensic = True

[imap]
host = X
user = X
password = X
watch = True

[elasticsearch]
hosts = 127.0.0.1:9200
ssl = True

[syslog]
server = localhost
port = 514

Elasticsearch config:

egrep -ve '(^#|^$)' /etc/elasticsearch/elasticsearch.yml
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12
cluster.initial_master_nodes: ["X"]
http.host: [_local_]

I fiddled with all thinkable settings to no avail. Anything I am missing?

[Hexamailman]

Hi, I'm not an expert but I resolved this issue in putting the username and password of elastic in the parsedmarc.ini config like this :

[elasticsearch]
hosts = https://username:PASSWORD@127.0.0.1:9200
ssl = True

Best regards

[christianreiss]

That was the solution. Thanks :)

Hi, I'm not an expert but I resolved this issue in putting the username and password of elastic in the parsedmarc.ini config like this :

[fluidum]

Confusing error by elasticsearch_dsl package. In my scenario elastic index privileges permissions were stopped working.