Elasticsearch connection issue

Hello,

A bit of a noob on certs stuff and I had a previous question where I think I was complicating things to solve a connection issue to my Elasticsearch deployment:

The following is an image and an error message:

Caught exception while preforming bulk operation to Elasticsearch: Elasticsearch.Net.ElasticsearchClientException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.. Call: Status code unknown from: POST /_bulk ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

Right now, the setup is simple:

I was wondering how people solved this issue with their deployment?

FYI: The servers will not be connected to the internet, so I could use http... maybe I could add, say, http.port into the ENV to connect via http?

Mike

This is a self-signed certificate, which explains the behavior.
When using curl, you can disable this check using the -k option, but this is only intended for tests and not for production, where you need to provide a real SSL certificate.

Hmm, being a noob on these certificate matters, could you point me to any documentation of how to dockerize an Elasticsearch cluster using a real SSL certificate?

On the other hand, my deployment will never see the internet, is there any way of using http?

Mike

Which client are you using to connect to Elasticsearch?

To connect with .net,

To connect with python,

  • Elasticsearch

I could turn off verify SSL, but would like to know the right way if I do open things up to the internet and keep things safe.

Mike

I think you could start from here: Manually configure security | Elasticsearch Guide [master] | Elastic

I've read that I could add a self-signed certificate in Ubuntu to make it a trusted entity. Based on this documentation: Installing a root CA certificate in the trust store | Ubuntu

I've copied all 4 .crt files found in the docker container folders:
/usr/local/share/ca-certificates/ca
/usr/local/share/ca-certificates/es01
/usr/local/share/ca-certificates/es02
/usr/local/share/ca-certificates/es03

to the host folder:
/usr/local/share/ca-certificates

then ran:
sudo update-ca-certificates

But that still gave me the same error. Maybe I'm not providing the right file? Wondering if anyone had any thoughts on this?
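The question of which file is the right one can be checked with the openssl CLI. The following is an added example, not part of the thread or of Elastic's documentation: it tells a CA certificate apart from node certificates and tests whether a node certificate chains to a given CA. The function names are hypothetical and every certificate it generates is a constructed throwaway standing in for ca.crt and es01.crt.

```bash
#!/usr/bin/env bash
# Added example. Every certificate below is a constructed throwaway.

# is_ca FILE: succeeds if the certificate is marked basicConstraints CA:TRUE.
is_ca() {
  openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'CA:TRUE'
}

# chains_to CA_FILE CERT_FILE: succeeds if CERT_FILE verifies with CA_FILE
# as trust anchor, i.e. CA_FILE is the file a client has to trust.
chains_to() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# make_demo_pki DIR NAME: constructed CA (NAME.crt) plus one node certificate
# (NAME-node.crt) signed by it.
make_demo_pki() {
  local d="$1" n="$2"
  printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' \
    'prompt=no' '[dn]' "CN=$n" '[v3_ca]' \
    'basicConstraints=critical,CA:TRUE' > "$d/$n.cnf"
  openssl req -x509 -new -newkey rsa:2048 -nodes -days 1 -config "$d/$n.cnf" \
    -keyout "$d/$n.key" -out "$d/$n.crt" 2>/dev/null
  openssl req -new -newkey rsa:2048 -nodes -config "$d/$n.cnf" \
    -subj "/CN=$n-node" -keyout "$d/$n-node.key" -out "$d/$n-node.csr" 2>/dev/null
  openssl x509 -req -in "$d/$n-node.csr" -CA "$d/$n.crt" -CAkey "$d/$n.key" \
    -CAcreateserial -days 1 -out "$d/$n-node.crt" 2>/dev/null
}

# report CA_FILE CERT...: one classification line per certificate.
report() {
  local ca="$1" f; shift
  for f in "$@"; do
    if is_ca "$f"; then echo "$f: CA certificate"
    elif chains_to "$ca" "$f"; then echo "$f: node certificate signed by $ca"
    else echo "$f: NOT signed by $ca"; fi
  done
}

# Demo on constructed data: one CA with its node cert, plus an unrelated one.
demo() {
  local d; d="$(mktemp -d)"
  make_demo_pki "$d" ca; make_demo_pki "$d" other
  report "$d/ca.crt" "$d/ca.crt" "$d/ca-node.crt" "$d/other-node.crt"
  rm -rf "$d"
}
demo
```

Run against the four copied files (paths assumed), `report ca.crt es01.crt es02.crt es03.crt` shows which one is the CA certificate; that file is the trust anchor a client or the host trust store needs, while the node certificates are what the servers present.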
