Elastic search TLS certificate setup, handshake failed. unexpected remote node

I am getting this issue :
stacktrace": ["org.elasticsearch.transport.ConnectTransportException: [my-server01][172.17.0.2:9300] handshake failed. unexpected remote node {my-server02}{C5Yp3aubR9ySTOAYm7txiA}{ZvtLxxD3SU6vRrqZM27dQg}{172.17.0.2}{172.17.0.2:9300}{cdfhlmrstw}{ml.machine_memory=8148025344, ml.max_open_jobs=512, xpack.installed=true, ml.max_jvm_size=536870912, transform.node=true}",

I don't know this ip 172.17.0.2 coming from i guess from the docker.

elasticsearch.yml
<
cluster.name: elk-server
node.name: "my-server01"

node.master: true
node.data: true
node.ingest: true
network.host: 0.0.0.0

discovery.seed_hosts: ["my-server02", "my-server03"]
cluster.initial_master_nodes: ["my-server01", "my-server02", "my-server03"]

#bootstrap.memory_lock: true

xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/ssl/vie01-elk-server01.p12
xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/ssl/vie01-elk-server01.p12
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/config/ssl/vie01-elk-server01.p12
xpack.security.http.ssl.truststore.path: /usr/share/elasticsearch/config/ssl/vie01-elk-server01.p12
xpack.security.http.ssl.verification_mode: certificate

/>`

docker command used:
<docker run -d --name $HOSTNAME -p 9200:9200 -p 9300:9300 -e ELASTIC_PASSWORD=admin#432 -e ES_JAVA_OPTS="-Xms512m -Xmx512m" -v /etc/hosts:/etc/hosts -v /home/mgms-admin/.elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml -v /home/mgms-admin/.elasticsearch/data:/usr/share/elasticsearch/data -v /home/mgms-admin/.elasticsearch/certs:/usr/share/elasticsearch/config/ssl docker.elastic.co/elasticsearch/elasticsearch:7.14.0 />

In the instances.yml
instances:

  • name: "my-server01"
    ip:
    • "x.x.x.x"
      dns:
    • "my-server01.rc.elk"
  • name: "my-server02"
    ip:
    • "x.x.x.x"
      dns:
    • "my-server02.rc.elk"
  • name: "my-server03"
    ip:
    • "x.x.x.x"
      dns:
    • "my-server03.rc.elk"

This command to create cert:
bin/elasticsearch-certutil cert --silent --in instances.yml --out test1.zip --keep-ca-key

Unzip test1.zip
ca - ca.p12
my-server01 my-server01.p12
my-server02 my-server02.p12
my-server03 my-server03.p12

in the browser if i hit https://ip:9200 but not secure, unable to import ca.p12 in the browser asking about password but while issue didn't given passowrd.

image

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.