This happens after starting up a fresh cluster on version 8.1.0 (extracted from the zip file).
The command fails with the following error.
C:\Users\myuser\Desktop\elasticsearch-8.1.0>curl --cacert config\certs\http_ca.crt -u elastic https://localhost:9200
curl: (60) schannel: CertGetCertificateChain trust error CERT_TRUST_REVOCATION_STATUS_UNKNOWN
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
Using either --insecure or -k works, but that is not the ideal approach.
I followed the instructions within the documentation, so I presume that this approach should work. I am not very proficient with TLS certificates, so perhaps I am missing something?
@stephenb Thanks! The path is actually correct when using a zip file setup.
@ikakavas Hmm, I tried both on a separate physical Windows machine (and got the above error) and on a Parallels VM (on Mac). The latter gives me the following error.
curl: (77) schannel: next InitializeSecurityContext failed: SEC_E_UNTRUSTED_ROOT (0x80090325) - The certificate chain was issued by an authority that is not trusted.
Both have Internet access in general (including through curl). I also tried disabling the Windows firewall, but it made no difference.
I couldn't find any trace of that option anywhere (including in the man page). Maybe it has been replace by --insecure and -k? Otherwise I must be missing something.
Turns out ssl-no-revoke was there after all. Sorry, my bad. Using it does produce the error in my previous post, though.
Anyway, I am not actually going to use Elasticsearch on Windows since I am a Mac user. I am just producing some YouTube content and wanted to cover Windows as well. So if the command should work in general and this is somehow related to my particular setup, I am fine with leaving it at that.
They are not searchable, they are not accessible by vision impaired readers, they are hard to read on mobile devices and ultimately they make it far less likely that anyone will be able to provide you with the assistance you are after.
It looks like your first attempt connected correctly and you just entered the incorrect password for the elastic user.
Try it again, and double check the password.
curl: (60) schannel: CertGetCertificateChain trust error CERT_TRUST_REVOCATION_STATUS_UNKNOWN
More details here: curl - SSL CA Certificates
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
if we use --insecure it ignores the problem and I can get a valid results
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.