Failed to read otherName from certificate – How to solve this Elasticsearch error

Opster Team

Aug-23, Version: 6.8-8.9

Briefly, this error occurs when Elasticsearch is unable to read the ‘otherName’ field from a certificate, which is often used for identification purposes. This could be due to a malformed certificate, incorrect configuration, or a compatibility issue. To resolve this, you can try regenerating the certificate, ensuring it’s correctly configured, or updating Elasticsearch to a version that supports the certificate’s format. Additionally, check the certificate’s ‘otherName’ field for any unusual characters or formatting that might be causing the issue.

This guide will help you check for common problems that cause the log ” Failed to read ‘otherName’ from certificate [{}] ” to appear. To understand the issues related to this log, read the explanation below about the following Elasticsearch concepts: plugin.

Log Context

Log “Failed to read ‘otherName’ from certificate [{}]” classname is RestrictedTrustManager.java.
We extracted the following from Elasticsearch source code for those seeking an in-depth context :

                    id
                );
                return null;
            }
        } catch (IOException e) {
            logger.warn("Failed to read 'otherName' from certificate [{}]"; certificate.getSubjectX500Principal());
            return null;
        }
    }

    private static Collection> getSubjectAlternativeNames(X509Certificate certificate) throws CertificateParsingException {

 

How helpful was this guide?

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?