Hi folks,
I need some advice here. We have an ES Cluster running on version 7.16.3, spread in 28 nodes with role master-only, ingest-only and data-only.
SSL is enabled for http and transport and running fine until we renew the certificates that has expired.
It throws the below error when we try to query with curl -XGET -u user:password http_url:9200/_cluster/stats
{"type":"security_exception","reason":"unable to authenticate user [elastic] for REST request [/_security/_authenticate]","header":{"WWW-Authenticate":["Basic realm="security" charset="UTF-8"","ApiKey"]}}],"type":"security_exception","reason":"unable to authenticate user [elastic] for REST request [/_security/_authenticate]","header":{"WWW-Authenticate":["Basic realm="security" charset="UTF-8"","ApiKey"]}},"status":401}
Just to provide more context to the issue:
- We are quite sure it's not the credential issue. We try to disable SSL by setting false for settings in elasticsearch.yml and test the api with http and it works.
- We also quite sure the certs are working fine by testing cert with openssl s_client ip:9200.
Question:
Is there any way we can narrow down and eliminate the possibilities that causing the issue?
I tried to shutdown ES services for all the nodes. and start with 1 and 2 master nodes, it's still show the same error. Is there any requirement to have at least the master node to work first, so that the authentication function is running?