Certificate doesn't match any of the subject alternative names

Since update to ELK 8 there is following problem:

[2022-02-23T23:18:41,619][WARN ][logstash.outputs.elasticsearch][main] Failed to perform request {:message=>"Certificate for <elasticsearch> doesn't match any of the subject alternative names: [fe80:0:0:0:b253:fe6:fed2:1963, localhost, 0:0:0:0:0:0:0:1, 127.0.0.1, 192.168.1.1, ASDF]", :exception=>Manticore::UnknownException, :cause=>javax.net.ssl.SSLPeerUnverifiedException: Certificate for <elasticsearch> doesn't match any of the subject alternative names: [fe80:0:0:0:b253:fe6:fed2:1963, localhost, 0:0:0:0:0:0:0:1, 127.0.0.1, 192.168.1.1, ASDF]}

Now certificate is generated due apt-get install, not like before - manually, where I was able to set values like alternative name etc.

I found also solutions to verify only 'certificate', but it dont work in ELK 8.

I want have certificate validation with ssl_certificate_verification => true and I want have most universal config, so I have connection to hostname elasticsearch which I configure in /etc/hosts - I don't want always edit config in XX places. I dont want always edit config for it common name generated due install with apt.

Please help, thanks.

Any idea how can I edit/regenerate certificate to set own/wanted alternative names?

I had a similar problem like this (Unable to create an enrollment token for Kibana. "Elasticsearch node HTTP layer SSL configuration Keystore doesn't contain any PrivateKey entries where the associated certificate is a CA certificate")

A reply I got there was:

So I guess you made the same mistake as me, by installing ES without the later used interface being already present.

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.