[BUG] Received fatal alert: unknown_ca error message was found

[pro-akim]

Description

Deploying AMI 4.9.1-rc1 and performing agent connection tests
The following messages were found in the logs:

Executing:

[root@wazuh-server wazuh-user]# grep -R -i -E "error|critical|fatal|warning" /var/log/wazuh-indexer/

/var/log/wazuh-indexer/wazuh-cluster_server.json:{"type": "server", "timestamp": "2024-09-23T12:00:34,095
Z", "level": "ERROR", "component": "o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport", "cluster.name": "wa
zuh-cluster", "node.name": "node-1", "message": "Exception during establishing a SSL connection: javax.ne
t.ssl.SSLHandshakeException: Received fatal alert: unknown_ca", "cluster.uuid": "sE0P5OfeS2S_K3uBZ9bNnA",
 "node.id": "xUrv4X77Se2U2JXZ697WFQ" , 
/var/log/wazuh-indexer/wazuh-cluster_server.json:"stacktrace": ["javax.net.ssl.SSLHandshakeException: Rec
eived fatal alert: unknown_ca",
/var/log/wazuh-indexer/wazuh-cluster_server.json:"at java.base/sun.security.ssl.TransportContext.fatal(Tr
ansportContext.java:365) ~[?:?]",
/var/log/wazuh-indexer/wazuh-cluster_server.json:"stacktrace": ["io.netty.handler.codec.DecoderException:
 javax.net.ssl.SSLHandshakeException: Received fatal alert: unknown_ca",

These messages were not present in previous stages/versions. The nature of these messages must be determined and whether they are expected or not.

[f-galland]

The error logs correlate in time with attempted connections from the indexer-connector module:

[root@wazuh-server ~]# grep 'indexer-connector: ERROR' /var/ossec/logs/ossec.log | tail -5
2024/09/24 11:40:22 indexer-connector: ERROR: SSL peer certificate or SSH remote key was not OK, status code: -1.
2024/09/24 11:59:44 indexer-connector: ERROR: SSL peer certificate or SSH remote key was not OK, status code: -1.
2024/09/24 12:19:26 indexer-connector: ERROR: SSL peer certificate or SSH remote key was not OK, status code: -1.
2024/09/24 12:25:54 indexer-connector: ERROR: SSL peer certificate or SSH remote key was not OK, status code: -1.
2024/09/24 13:01:43 indexer-connector: ERROR: SSL peer certificate or SSH remote key was not OK, status code: -1.


[root@wazuh-server ~]# grep SecuritySSLNettyHttpServerTransport /var/log/wazuh-indexer/wazuh-cluster.log | tail -5
[2024-09-24T11:40:22,786][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-1] Exception during establishing a SSL connection: javax.net.ssl.SSLHandshakeException: Received fatal alert: unknown_ca
[2024-09-24T11:59:44,956][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-1] Exception during establishing a SSL connection: javax.net.ssl.SSLHandshakeException: Received fatal alert: unknown_ca
[2024-09-24T12:19:26,690][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-1] Exception during establishing a SSL connection: javax.net.ssl.SSLHandshakeException: Received fatal alert: unknown_ca
[2024-09-24T12:25:54,497][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-1] Exception during establishing a SSL connection: javax.net.ssl.SSLHandshakeException: Received fatal alert: unknown_ca
[2024-09-24T13:01:43,613][ERROR][o.o.s.s.h.n.SecuritySSLNettyHttpServerTransport] [node-1] Exception during establishing a SSL connection: javax.net.ssl.SSLHandshakeException: Received fatal alert: unknown_ca

This is being investigated by the team responsible for that module.

[AlexRuiz7]

May be fixed by wazuh/wazuh#25961