Disable hostname verification for xpack monitoring


(Lyndon Garvey) #1

I'm seeing the following error in the Kibana logs:

Request error, retrying\nHEAD https://xxxxxx:9200/ => Hostname/IP doesn't match certificate's altnames: "Host: xxxxx.eu-west-2.elb.amazonaws.com. is not in the cert's altnames: DNS:xxxxxx""

This is despite providing a CA with xpack.monitoring.elasticsearch.ssl.ca.

Kibana itself shows a page with Status: RED and lists this error message:

plugin:monitoring@5.6.2 No Living connections

How can I disable hostname verification for the monitoring url?


(Felix Stürmer) #2

Hi @lgee,

by default even certificates from trusted CAs must contain the correct hostname. If you want to explicitly disable the hostname check, try setting xpack.monitoring.elasticsearch.ssl.verificationMode to "certificate" instead of "full".


(system) #3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.