Elasticsearch and Docker Generating http_ca.crt

SwampyFox · March 7, 2022, 8:06pm

I have followed the instructions on installing Elasticsearch on Docker for version 8.0.1.

I am able to run the curl command against "https://localhost:9200" with the http_ca.crt and the password generated for the elastic user. However, if I replace "localhost" with the IP address of the host, I get the error message "no alternative certificate subject name matches target host name '##.#.###.#".

Is this going to be an issue when I try to connect an Elastic Agent on a separate machine? If so, what changes do I need to make? Or is there additional documentation that I can refer to.

Thank you

Chuck

SwampyFox · March 8, 2022, 3:10pm

Bump - Is there a way to control the cert generation, especially the host, when starting Elastic using Docker Run?

ikakavas · March 9, 2022, 8:40am

Hi @SwampyFox

You can start your container with

docker run --name es01 --net elastic -p 9200:9200 -p 9300:9300 -e "http.publish_host=<HOST_IP_HERE>" -it docker.elastic.co/elasticsearch/elasticsearch:8.1.0

and we'll put the HOST_IP in the SANs of the HTTP certificate so that you can use it to connect to it over https

Topic		Replies	Views
Adding Site Alternate Name (SAN) to the docker run command Elasticsearch elastic-stack-security , docker	2	715	October 29, 2022
How can I access elasticsearch cluster created by docker compose by using actual ip address? Elasticsearch docker	2	1218	March 21, 2023
Which certificate do I need for an external Java client linked to a self-hosted docker Elasticsearch 8.x, since the self-signed http_ca.crt does not function unless the Java client is installed locally on the same server? Elasticsearch elastic-stack-security , docker	4	1202	March 1, 2023
My Local machine does not recognize the elasticsearch certificate Elasticsearch docker	2	125	February 13, 2025
Elastic and Kibana 8.1.0 via Docker Compose Elastic Search docker	6	6234	November 4, 2022

Elasticsearch and Docker Generating http_ca.crt

Related topics