Hello, I'm currently trying to follow the steps for installing Elasticsearch with Docker Install Elasticsearch with Docker | Elasticsearch Guide [8.11] | Elastic and I'm struggling with making a REST API call to Elasticsearch. I'm on Windows and I've followed all steps exactly, but I'm stuck at this command:
I've copied the http_ca.crt SSL certificate to my local machine, but when I run the curl command above, I get the following error:
C:\Users\conno>curl --cacert http_ca.crt -u elastic:$ELASTIC_PASSWORD https://localhost:9200
curl: (60) schannel: CertGetCertificateChain trust error CERT_TRUST_REVOCATION_STATUS_UNKNOWN
More details here: curl - SSL CA Certificates
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
I've also tried installing this SSL certificate in my Trusted Root Certification Authorities store, but this hasn't resolved the problem. Does anyone know how to resolve this issue?
C:\Users\conno>curl -v --cacert C:\Users\conno\http_ca.crt -u elastic:$ELASTIC_PASSWORD https://localhost:9200
Trying 127.0.0.1:9200...
Connected to localhost (127.0.0.1) port 9200 (#0)
schannel: disabled automatic use of client certificate
ALPN: offers http/1.1
schannel: added 1 certificate(s) from CA file 'C:\Users\conno\http_ca.crt'
schannel: CertGetCertificateChain trust error CERT_TRUST_REVOCATION_STATUS_UNKNOWN
Closing connection 0
schannel: shutting down SSL/TLS connection with localhost port 9200
curl: (60) schannel: CertGetCertificateChain trust error CERT_TRUST_REVOCATION_STATUS_UNKNOWN
More details here: curl - SSL CA Certificates 1
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
And Ok so now it works with -k
I can not comment too much about Windows certs etc. but the command with -k (which means do not validate the CA) shows that everything is working BUT the cert / CA is not being validated honored.
You will need to read about Windows Certs and that Article that was linked. Basically your laptop does not want to honor self signed certs / CAs
Also please learn how to format your code look / edit your last post you will see I added 3 Back tics before and after your code, that will properly format it
If you are using the curl command line tool, you can specify your own CA cert file by setting the environment variable CURL_CA_BUNDLE to the path of your choice.If you are using the curl command line tool on Windows, curl will search for a CA cert file named "curl-ca-bundle.crt" in these directories and in this order:
application's directory
current working directory
Windows System directory (e.g. C:\windows\system32)
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.