Client did not trust this server's certificate for the Cluster

kharvey · May 13, 2019, 4:19pm

That was my problem.

I fixed my issue by running the following commands:

openssl genrsa -out logstash-es02.key 4096
openssl req -new -nodes -key logstash-es01.key -out logstash-es02.csr -config es02.conf
openssl x509 -req -in logstash-es02.csr -CA CACert.pem -CAkey CAKey.pem -CAcreateserial -out logstash-es01.crt -days 900  -extfile es02.conf -extensions req_ext

Adding the -exfile es02.conf -extensions req_ext to the end of the x509 create solved the problem.

And Just to keep the full solution all in one post, here is the es02.conf again for the cert.

[req]
default_bits = 4096
default_md = sha512
distinguished_name = dn
req_extensions = req_ext
prompt = no

[ dn ]
C=US
ST=NY
L=Gothan
O=Example
OU=Batman Tech Support
emailAddress=devops@example.com
CN=logstash-es02.ec2.example.com

[ req_ext ]
subjectAltName = @alt_names
extendedKeyUsage = serverAuth,clientAuth

[ alt_names ]
DNS.1 = logstash-es02.ec2.example.com
IP.1 = 10.249.39.247

Topic		Replies	Views
Elasticsearch TLS with Wildcard SAN Elasticsearch	13	3813	September 12, 2018
Shield.transport.ssl failure Elasticsearch elastic-stack-security	18	3898	July 6, 2017
Logtash to elasticsearch connection error using certificate Logstash elastic-stack-monitoring , elastic-stack-security	24	10326	November 21, 2019
Path does not chain with any of the trust anchors Elasticsearch elastic-stack-security	4	9672	February 12, 2023
Mutual tls/ssl on elasticsearch Elasticsearch elastic-stack-security	25	7312	October 8, 2019

Client did not trust this server's certificate for the Cluster

Related topics