I have created a set of certs, without DNS and IP. In the config of elastic search and config , I have set the ssl.verification.mode = certificate
in the elastic and Kibana configs. Things work fine.
But when I connect from any other client like spark , it is getting error that server name is required. So looks like either I need to disable the hostname verification in client if possible or new to generate certs with IP or DNS.
The problem with IP or DNS I am facing is , how do I add a new node in the cluster if required , I need to create a new cert for it which is signed by the same CA which is already in the cluster. I dont want to use mutiple CA’s.
So the questions is how can we generate more certs for new nodes using the CA cert created for the existing cluster using certgen utility?