Post

SSL Errors on ...

Posted
By Oscar Llerena
1 min read
SSL Errors on ...

Syptom

In the Elastic Agent Endpoint, deployed in the Windows server, we see these error logs at

C: > Program Files > Elastic > Endpoint > data > log > endpoint-00000:

{"@timestamp":"2024-10-21T15:08:41.2364243Z","agent":{"id":"2e61ca33-51ff-4351-ac75-2df60e6adaae","type":"endpoint"},"ecs":{"version":"8.10.0"},"log":{"level":"error","origin":{"file":{"line":313,"name":"MessageHelpers.cpp"}}},"message":"MessageHelpers.cpp:313 CURL error: SSL peer certificate or SSH remote key was not OK [SSL certificate problem: self-signed certificate in certificate chain]","process":{"pid":4172,"thread":{"id":5524}}}

{"@timestamp":"2024-10-21T17:54:51.2251992Z","agent":{"id":"2e61ca33-51ff-4351-ac75-2df60e6adaae","type":"endpoint"},"ecs":{"version":"8.10.0"},"log":{"level":"error","origin":{"file":{"line":313,"name":"MessageHelpers.cpp"}}},"message":"MessageHelpers.cpp:313 CURL error: SSL peer certificate or SSH remote key was not OK [SSL certificate problem: self-signed certificate in certificate chain]","process":{"pid":4172,"thread":{"id":5524}}}

{"@timestamp":"2024-10-21T19:07:13.8928372Z","agent":{"id":"2e61ca33-51ff-4351-ac75-2df60e6adaae","type":"endpoint"},"ecs":{"version":"8.10.0"},"log":{"level":"error","origin":{"file":{"line":313,"name":"MessageHelpers.cpp"}}},"message":"MessageHelpers.cpp:313 CURL error: SSL peer certificate or SSH remote key was not OK [SSL certificate problem: self-signed certificate in certificate chain]","process":{"pid":4172,"thread":{"id":5524}}}

{"@timestamp":"2024-10-21T19:07:13.8928372Z","agent":{"id":"2e61ca33-51ff-4351-ac75-2df60e6adaae","type":"endpoint"},"ecs":{"version":"8.10.0"},"log":{"level":"error","origin":{"file":{"line":313,"name":"MessageHelpers.cpp"}}},"message":"MessageHelpers.cpp:313 CURL error: SSL peer certificate or SSH remote key was not OK [SSL certificate problem: self-signed certificate in certificate chain]","process":{"pid":4172,"thread":{"id":5524}}}

{"@timestamp":"2024-10-22T05:17:15.9020748Z","agent":{"id":"","type":"endpoint"},"ecs":{"version":"8.10.0"},"log":{"level":"error","origin":{"file":{"line":1281,"name":"PolicyConfig.cpp"}}},"message":"PolicyConfig.cpp:1281 Global configuration artifact is not available","process":{"pid":3348,"thread":{"id":3772}}}

{"@timestamp":"2024-10-22T05:17:24.2559462Z","agent":{"id":"2e61ca33-51ff-4351-ac75-2df60e6adaae","type":"endpoint"},"ecs":{"version":"8.10.0"},"log":{"level":"error","origin":{"file":{"line":313,"name":"MessageHelpers.cpp"}}},"message":"MessageHelpers.cpp:313 CURL error: SSL peer certificate or SSH remote key was not OK [SSL certificate problem: self-signed certificate in certificate chain]","process":{"pid":3348,"thread":{"id":4364}}}

{"@timestamp":"2024-10-22T05:17:33.7243729Z","agent":{"id":"2e61ca33-51ff-4351-ac75-2df60e6adaae","type":"endpoint"},"ecs":{"version":"8.10.0"},"log":{"level":"error","origin":{"file":{"line":313,"name":"MessageHelpers.cpp"}}},"message":"MessageHelpers.cpp:313 CURL error: SSL peer certificate or SSH remote key was not OK [SSL certificate problem: self-signed certificate in certificate chain]","process":{"pid":3348,"thread":{"id":4364}}}

{"@timestamp":"2024-10-22T05:22:36.0236585Z","agent":{"id":"2e61ca33-51ff-4351-ac75-2df60e6adaae","type":"endpoint"},"ecs":{"version":"8.10.0"},"log":{"level":"error","origin":{"file":{"line":313,"name":"MessageHelpers.cpp"}}},"message":"MessageHelpers.cpp:313 CURL error: SSL peer certificate or SSH remote key was not OK [SSL certificate problem: self-signed certificate in certificate chain]","process":{"pid":3348,"thread":{"id":4364}}}

C: > Program Files > Elastic > Agent > elastic-agent-20241022:

{"log.level":"error","@timestamp":"2024-10-22T14:17:06.332+0900","log.logger":"component.runtime.endpoint-default.service_runtime","log.origin":{"function":"github.com/elastic/elastic-agent/pkg/component/runtime.executeCommand.func2","file.name":"runtime/service_command.go","file.line":68},"message":"2024-10-22 05:17:06: info: Main.cpp:566 Verifying existing installation","context":"command output","ecs.version":"1.6.0"}

{"log.level":"error","@timestamp":"2024-10-22T14:17:06.332+0900","log.logger":"component.runtime.endpoint-default.service_runtime","log.origin":{"function":"github.com/elastic/elastic-agent/pkg/component/runtime.executeCommand.func2","file.name":"runtime/service_command.go","file.line":68},"message":"2024-10-22 05:17:06: info: InstallLib.cpp:602 Running [C:\\Program Files\\Elastic\\Endpoint\\elastic-endpoint.exe] [version --log stdout]","context":"command output","ecs.version":"1.6.0"}

{"log.level":"error","@timestamp":"2024-10-22T14:17:06.332+0900","log.logger":"component.runtime.endpoint-default.service_runtime","log.origin":{"function":"github.com/elastic/elastic-agent/pkg/component/runtime.executeCommand.func2","file.name":"runtime/service_command.go","file.line":68},"message":"2024-10-22 05:17:06: debug: Service.cpp:804 PPL is supported. This process is unprotected. (TrustLevelSid: absent)","context":"command output","ecs.version":"1.6.0"}

{"log.level":"error","@timestamp":"2024-10-22T14:17:06.442+0900","log.logger":"component.runtime.endpoint-default.service_runtime","log.origin":{"function":"github.com/elastic/elastic-agent/pkg/component/runtime.executeCommand.func2","file.name":"runtime/service_command.go","file.line":68},"message":"2024-10-22 05:17:06: info: InstallLib.cpp:641 Installed endpoint is expected version (version: 8.15.3, compiled: Wed Oct 9 21:00:00 2024, branch: HEAD, commit: c7f6d284de531597ea12e2baa29ecd7a46f41e65)","context":"command output","ecs.version":"1.6.0"}

{"log.level":"error","@timestamp":"2024-10-22T14:17:06.442+0900","log.logger":"component.runtime.endpoint-default.service_runtime","log.origin":{"function":"github.com/elastic/elastic-agent/pkg/component/runtime.executeCommand.func2","file.name":"runtime/service_command.go","file.line":68},"message":"2024-10-22 05:17:06: info: Util.cpp:2146 Endpoint Service is running.","context":"command output","ecs.version":"1.6.0"}

{"log.level":"error","@timestamp":"2024-10-22T14:18:42.441+0900","message":"Error fetching data for metricset system.process: error fetching pid 3348: error fetching PID 3348: FillMetricsRequiringMoreAccess: error fetching process args: Not enough privileges to fetch information: OpenProcess failed: Access is denied.","component":{"binary":"metricbeat","dataset":"elastic_agent.metricbeat","id":"system/metrics-monitoring","type":"system/metrics"},"log":{"source":"system/metrics-monitoring"},"log.origin":{"file.line":256,"file.name":"module/wrapper.go","function":"github.com/elastic/beats/v7/metricbeat/mb/module.(*metricSetWrapper).fetch"},"service.name":"metricbeat","ecs.version":"1.6.0","ecs.version":"1.6.0"}

Still don’t have an answer for this issue

IDS paper review
research cps iot
This post is licensed under CC BY 4.0 by the author.