Briefly, this error occurs when Elasticsearch is unable to read the ‘otherName’ field from a certificate, which is often used for identification purposes. This could be due to a malformed certificate, incorrect configuration, or a compatibility issue. To resolve this, you can try regenerating the certificate, ensuring it’s correctly configured, or updating Elasticsearch to a version that supports the certificate’s format. Additionally, check the certificate’s ‘otherName’ field for any unusual characters or formatting that might be causing the issue.
This guide will help you check for common problems that cause the log ” Failed to read ‘otherName’ from certificate [{}] ” to appear. To understand the issues related to this log, read the explanation below about the following Elasticsearch concepts: plugin.
Log Context
Log “Failed to read ‘otherName’ from certificate [{}]” classname is RestrictedTrustManager.java.
We extracted the following from Elasticsearch source code for those seeking an in-depth context :
id ); return null; } } catch (IOException e) { logger.warn("Failed to read 'otherName' from certificate [{}]"; certificate.getSubjectX500Principal()); return null; } } private static Collection> getSubjectAlternativeNames(X509Certificate certificate) throws CertificateParsingException {