A bit of a noob on certs stuff and I had a previous question where I think I was complicating things to solve a connection issue to my Elasticsearch deployment:
Caught exception while preforming bulk operation to Elasticsearch: Elasticsearch.Net.ElasticsearchClientException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.. Call: Status code unknown from: POST /_bulk ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
This is a self signed certificate which explains the behavior.
When using curl, you can disable this check using -k option but this is only intended for tests and not for production, where you need to provide a real ssl certificate.
Hmm, bring a noob on these certificate matters, could you point me to any documentation of how to dockerize an Elasticsearch cluster using a real ssl certificate?
On the other hand, my deployment will never see the internet, is there anyway of using http?
I've copied all 4 .crt files found in the docker container folders:
/usr/local/share/ca-certificates/ca
/usr/local/share/ca-certificates/es01
/usr/local/share/ca-certificates/es02
/usr/local/share/ca-certificates/es03
to the host folder:
/usr/local/share/ca-certificates
then ran:
sudo update-ca-certificate
But that still gave me the same error. Maybe I'm not providing the right file? Wondering if anyone had any thoughts on this?
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.