I would think this would be a common and a straight-forward situation as I am using certificates generated by the elasticsearch-certutil tool for setting up transport and client SSL/TLS communication. The problem I am having is that when using the elasticsearch.net low level client, I am getting the error "Could not create SSL/TLS secure channel..." when trying to push documents into my index.
But I can't find a clean example of how to trust the certificates generated by the elasticsearch-certutil tool in my code.
Any ideas? (I have to leave and will add more later - I have tried several things without success).
Update:
The solution was to add the following:
ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
The complete code is:
ServicePointManager.Expect100Continue = true;
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
var cert = new X509Certificate(@"C:\Users\Public\Documents\http.pem");
var settings = new ConnectionConfiguration(new Uri("https://192.168.30.75:9200"))
.RequestTimeout(TimeSpan.FromMinutes(2))
.ServerCertificateValidationCallback(CertificateValidations.AuthorityIsRoot(cert))
.BasicAuthentication("elastic", "<password>");
var lowlevelClient = new ElasticLowLevelClient(settings);
This has to do with the fact that I am running on Windows 7. #tinfoilhat
Let me also add that I trusted the CA certificate that was generated by the elasticsearch-certutil tool by adding it to my development machine's Trusted Root Certificate Authorities container and also the http.p12 client certificate that was generated as well (converted to http.pem as seen in the code). So I basically went through the same steps one would go through to ensure that the http stack could connect to the site via SSL/TLS without any certificate related issues. So it's possible that the certificate code in this block is not required. But it's working right now and I'll leave it at that.
Thanks,
-Chris