I have created a set of certs, without DNS and IP. In the config of elastic search and config , I have set the ssl.verification.mode = certificate
in the elastic and Kibana configs. Things work fine.
But when I connect from any other client like spark , it is getting error that server name is required. So looks like either I need to disable the hostname verification in client if possible or new to generate certs with IP or DNS.
The problem with IP or DNS I am facing is , how do I add a new node in the cluster if required , I need to create a new cert for it which is signed by the same CA which is already in the cluster. I dont want to use mutiple CA's.
So the questions is how can we generate more certs for new nodes using the CA cert created for the existing cluster using certgen utility?
Option Description
------ -----------
-E <KeyValuePair> Configure a setting
--cert path to an existing ca certificate
--csr only generate certificate signing requests
--days <Integer> number of days that the generated certificates are valid
--dn distinguished name to use for the generated ca. defaults
to CN=Elastic Certificate Tool Autogenerated CA
-h, --help show help
--in file containing details of the instances in yaml format
--key path to an existing ca private key
--keysize <Integer> size in bits of RSA keys
--out path of the zip file that the output should be written to
--pass password for an existing ca private key or the generated
ca private key
-s, --silent show minimal output
-v, --verbose show verbose output
Use the --cert with the --key option to specify the CA when signing certificates for other nodes.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.