Certificate doesn't match any of the subject alternative names

Since the update to ELK 8 there is the following problem:

[2022-02-23T23:18:41,619][WARN ][logstash.outputs.elasticsearch][main] Failed to perform request {:message=>"Certificate for <elasticsearch> doesn't match any of the subject alternative names: [fe80:0:0:0:b253:fe6:fed2:1963, localhost, 0:0:0:0:0:0:0:1, 127.0.0.1, 192.168.1.1, ASDF]", :exception=>Manticore::UnknownException, :cause=>javax.net.ssl.SSLPeerUnverifiedException: Certificate for <elasticsearch> doesn't match any of the subject alternative names: [fe80:0:0:0:b253:fe6:fed2:1963, localhost, 0:0:0:0:0:0:0:1, 127.0.0.1, 192.168.1.1, ASDF]}

Now the certificate is generated by the apt-get install, not manually like before, when I was able to set values like the alternative name etc.

I also found solutions to verify only 'certificate', but they don't work in ELK 8.

I want to have certificate validation with ssl_certificate_verification => true and I want to have the most universal config, so I connect to the hostname elasticsearch, which I configure in /etc/hosts - I don't want to always edit the config in XX places. I don't want to always edit the config for the common name generated during the install with apt.

Please help, thanks.

Any idea how I can edit/regenerate the certificate to set my own/wanted alternative names?

I had a problem similar to this (Unable to create an enrollment token for Kibana. "Elasticsearch node HTTP layer SSL configuration Keystore doesn't contain any PrivateKey entries where the associated certificate is a CA certificate")

A reply I got there was:

So I guess you made the same mistake as me, by installing ES without the later used interface being already present.
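
The check behind the warning quoted at the top of the thread, as an added example that is not part of the original posts and is not Logstash's own code: it parses the message and applies simplified RFC 6125-style name matching to show that the name elasticsearch is not among the certificate's subject alternative names. The function names and the embedded sample string are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the message text from the Logstash warning quoted above.
SAMPLE = ("Certificate for <elasticsearch> doesn't match any of the subject "
          "alternative names: [fe80:0:0:0:b253:fe6:fed2:1963, localhost, "
          "0:0:0:0:0:0:0:1, 127.0.0.1, 192.168.1.1, ASDF]")

PATTERN = re.compile(r"Certificate for <([^>]+)> doesn't match any of the "
                     r"subject alternative names: \[([^\]]*)\]")

def parse_warning(message):
    """Return (requested_host, [san, ...]) from the first match, or None."""
    m = PATTERN.search(message)
    if not m:
        return None
    sans = [s.strip() for s in m.group(2).split(",") if s.strip()]
    return m.group(1), sans

def _as_ip(value):
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None

def san_matches(host, san):
    """Simplified check for one SAN entry: IPs compare by value, DNS names
    compare case-insensitively, '*' covers only the left-most label."""
    host_ip, san_ip = _as_ip(host), _as_ip(san)
    if host_ip is not None or san_ip is not None:
        return host_ip is not None and host_ip == san_ip
    host, san = host.lower().rstrip("."), san.lower().rstrip(".")
    if san.startswith("*."):
        head, _, tail = host.partition(".")
        return bool(head) and tail == san[2:]
    return host == san

def matching_sans(host, sans):
    """List every SAN entry that would satisfy verification for this host."""
    return [s for s in sans if san_matches(host, s)]

if __name__ == "__main__":
    host, sans = parse_warning(SAMPLE)
    for candidate in (host, "localhost", "asdf", "::1"):
        print(candidate, "->", matching_sans(candidate, sans) or "no SAN matches")
```

Resolving elasticsearch through /etc/hosts changes where the connection goes, not which name is compared: the client still checks the name it was configured with against this list.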
