Hello ,
I'm trying to configure a cluster of 3 nodes with SSL enabled, I first created the master node, then I managed to add the other 2 nodes with the enrollment token.
The issue is when I try to query the master node with the following command:
curl -XGET https://10.0.2.198:9200/_cluster/health?pretty
I receive the following error:
curl: (60) SSL certificate problem: self signed certificate in certificate chain
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
and for a successful response, I would need to add the -k
to make an unsecured request and add the username and password.
curl -k -XGET https://10.0.2.198:9200/_cluster/health?pretty -u elastic
{
"cluster_name" : "my-application",
"status" : "green",
"timed_out" : false,
"number_of_nodes" : 3,
"number_of_data_nodes" : 3,
"active_primary_shards" : 15,
"active_shards" : 30,
"relocating_shards" : 0,
"initializing_shards" : 0,
"unassigned_shards" : 0,
"delayed_unassigned_shards" : 0,
"number_of_pending_tasks" : 0,
"number_of_in_flight_fetch" : 0,
"task_max_waiting_in_queue_millis" : 0,
"active_shards_percent_as_number" : 100.0
}
When I attempt to access this node from the browser, I receive this error:
{
"error" : {
"root_cause" : [
{
"type" : "security_exception",
"reason" : "missing authentication credentials for REST request [/_cluster/state?pretty]",
"header" : {
"WWW-Authenticate" : [
"Basic realm=\"security\" charset=\"UTF-8\"",
"Bearer realm=\"security\"",
"ApiKey"
]
}
}
],
"type" : "security_exception",
"reason" : "missing authentication credentials for REST request [/_cluster/state?pretty]",
"header" : {
"WWW-Authenticate" : [
"Basic realm=\"security\" charset=\"UTF-8\"",
"Bearer realm=\"security\"",
"ApiKey"
]
}
},
"status" : 401
}
Can Someone enlighten me on this point, on what I'm missing and on how to solve this issue?
I think that has something to do with the self-issued certificate.
My Elasticseach version is 8.3
Cordially,