I'm trying to do a remote reindexing from a 5.3 cluster to a 7.16 cluster, and need a way to disable hostname verification when communicating between them. The 5.3 cluster's certificate doesn't match the hostname, and I would like to avoid changing the cert if I can.
Failure response is
{
"error" : {
"root_cause" : [
{
"type" : "s_s_l_peer_unverified_exception",
"reason" : "Host name '<REDACTED>' does not match the certificate subject provided by the peer (CN=<DIFFERENT_REDACTED>, OU=<REDACTED3>, O=\"<REDACTED4>\", C=US)"
}
],
"type" : "s_s_l_peer_unverified_exception",
"reason" : "Host name '<REDACTED>' does not match the certificate subject provided by the peer (CN=<DIFFERENT_REDACTED>, OU=<REDACTED3> O=\"<REDACTED4>\", C=US)"
},
"status" : 500
}
Per other threads I've found like Disable hostname verification for xpack monitoring, I've tried setting xpack.monitoring.elasticsearch.ssl.verification_mode: "certificate"
and xpack.monitoring.elasticsearch.ssl.verificationMode: "certificate"
in elasticsearch.yml
, but get the following back when trying to start Elasticsearch
java.lang.IllegalArgumentException: unknown setting [xpack.monitoring.elasticsearch.ssl.verification_mode] please check that any required plugins are installed, or check the breaking changes documentation for removed settings
at org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:561)
at org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:507)
at org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:477)
at org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:447)
at org.elasticsearch.common.settings.SettingsModule.<init>(SettingsModule.java:137)
at org.elasticsearch.node.Node.<init>(Node.java:500)
at org.elasticsearch.node.Node.<init>(Node.java:309)
at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:234)
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:234)
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:434)
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:166)
at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:157)
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:77)
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:112)
at org.elasticsearch.cli.Command.main(Command.java:77)
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:122)
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:80)
For complete error details, refer to the log at <ALSO_REDACTED>
Is there actually a setting I can use to disable hostname verification here?