Hi Team,
I have developed a node js service that will call Elasticsearch APIs to perform various operations like creating roles, creating users, establish user-role mapping etc. The Elasticsearch instance has been configured so as to enable HTTPS to access Elasticsearch APIs.
When my application calls the API, the below shown error message is seen
{ Error: unable to verify the first certificate
at TLSSocket. (_tls_wrap.js:1103:38)
at emitNone (events.js:106:13)
at TLSSocket.emit (events.js:208:7)
at TLSSocket._finishInit (_tls_wrap.js:637:8)
at TLSWrap.ssl.onhandshakedone (_tls_wrap.js:467:38) code: 'UNABLE_TO_VERIFY_LEAF_SIGNATURE' }
{ Error: socket hang up
at createHangUpError (_http_client.js:331:15)
Here are the request options for the API call from my node application.
Please let me know if key, cert and ca are the only required options to be added ?
var optionspost = {
host: utilities.elastic.host,
path: utilities.elasticAPIS.createUserRole+roleName,
port: utilities.elastic.port,
method: 'PUT',
key: <path_to_elasticsearch_client_key>, encoding),
cert: <path_to_elasticsearch_client_cert>, encoding),
ca: HPECAs.All_HPE_CAs,
headers: postheaders
};
The SSL configurations in elasticsearch.yml are as follows:
xpack.ssl.certificate: <path_to_elasticsearch>/config/certificates/server.crt
xpack.ssl.key: <path_to_elasticsearch>/config/certificates/server.key
xpack.ssl.certificate_authorities: ["<path_to_elasticsearch>/elasticsearch/config/certificates/ca1.cer","<path_to_elasticsearch>/elasticsearch/config/certificates/ca2.cer"]
Please confirm if-
- The value of 'key' in my application's request options should be the path for the same server key that is configured in xpack.ssl.key ?
- The value of 'cert' in my application's request options should be the path for the same server cert that is configured in xpack.ssl.certificate ?
- The value of 'ca' in my application's request options should be the path for the ca's configured in xpack.ssl.certificate_authorities ?
Thank you,
Vignesh Ravi