I currently have a 3-node ES cluster (6x) with Kibana in front, and 3 Logstash nodes behind.
Because we use SSO we have TLS/SSL enabled in ES both for the nodes 9300 and clients 9200.
The node-to-node is working great with a certutil-generated keystore and truststore, however the SSL cert for the client side is not working.
The client-side cert is a wildcard from DigiCert that matches the load balancer address we use for all ES nodes. The load balancer also has a copy of that key to serve SSL if we so desire.
Kibana and Logstash both were complaining that the certificate authority is not valid.
We were able to get Kibana working by disabling certificate verification, however Logstash doesn't seem to want to connect no matter what we do.
We can curl to the load balancer with SSL and it works fine, however if we curl directly to the ES host on 9200 it always fails certificate validation.
It seems to me that the Logstash to ELB certs are fine but the one on the ES server itself will not pass validation.
Any assistance to get this working would be appreciated.
NOTE: This wildcard cert is in fact valid and is being used in production.