I am getting the following deprecation warning in both filebeat and metricbeat. I am currently using ES 7.17.9, but will be upgrading to 8.x soon:
DEPRECATED: Treating the CommonName field on X.509 certificates as a host name when no Subject Alternative Names are present is going to be removed. Please update your certificates if needed. Will be removed in version: 8.0.0
I can't figure out exactly what needs to change with my certificate. My CN field is:
CN=esnode-aln-nbadev4.labs.server.com
My SAN value for filebeat 7.17.9 is:
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:aln-nbadev4.labs.server.com
I tried adding this to the certificate, but I still get the deprecation message. What needs to be added to the certificate?
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:aln-nbadev4.labs.server.com, DNS:esnode-aln-nbadev4.labs.server.com
Are you able to regenerate the certificates? I would also recommend checking the location of the keystore in your configuration. The below resources might help:
Filebeat and elasticsearch are working just fine. I'm just trying to eliminate the deprecation warning about the certificate. I can easily regenerate the certificates.
I added an additional SAN value to try to fix the issue (esnode-aln-nbadev4.labs.server.com), but it did not affect anything. The error message says that no Subject Alternative Names are present, when one or two clearly are present. I'm trying figure out what this error message is trying to get me to change.
Is the CN supposed to match the fully qualified node name exactly? Because our elasticsearch CN has "esnode-" at the beginning of it and then the node name follows.
[root@aln-nbadev4 filebeat]# filebeat keystore list
ES_FILEBEAT_PASSWORD
ES_FILEBEAT_USERNAME
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.