Connect Enterprise Search to elasticsearch via SSL

Hi,
i have the Elasticsearch up and running with SSL
the command curl --insecure -X GET 'https://localhost:9200?pretty' works perfectly
now after installing the Enterprise Search, the yml looks like below ::

elasticsearch.host: https://localhost:9200

allow_es_settings_modification: true

secret_management.encryption_keys: [z%C*F-Ja]

ent_search.ssl.enabled: true
ent_search.ssl.keystore.path: "/keys/keystore.jks"
ent_search.ssl.keystore.password: "changeme"
ent_search.ssl.keystore.key_password: "changeme"
ent_search.external_url: https://localhost:3002

but the connection failed
any idea ?

Are you using self signed certs? If so the. The enterprise search server probably isn't set up to trust the elasticsearch server certificate.

hi Alex
the request curl --insecure -X GET 'https://localhost:9200?pretty' works fine
so I assume the SSL configuration is ok in the elasticsearch

the lasticsearch.yml looks like below ::
network.host: 0.0.0.0
cluster.initial_master_nodes: ["node-1"]

xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: none
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12

xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.http.ssl.truststore.path: certs/elastic-certificates.p12
xpack.security.http.ssl.client_authentication: none

http.host: 0.0.0.0
http.cors.enabled : true
http.cors.allow-origin : "*"
http.cors.allow-methods : OPTIONS, HEAD, GET, POST, PUT, DELETE
http.cors.allow-headers : X-Requested-With,X-Auth-Token,Content-Type, Content-Length

xpack.security.authc.api_key.enabled: true
xpack.security.authc:
anonymous:
roles: superuser
authz_exception: true

I am new to SSL and how it should work, so maybe I am missing something
please help

I wasn't saying that the SSL wasn't setup properly in elasticsearch, but SSL is based off of trust. I trust the issuer so I trust you. If the enterprise search server isn't set to trust the certificates that are on the elasticsearch server then the requests will fail. The reason the curl commands are working is because you're using the --insecure, try without and you'll see the error I'm referring to.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.