Hello Team
I am using Elasticsearch version 7.8.0.
I have two clusters:
a. Local cluster
b. Remote cluster
The Remote Cluster has authentication implemented with CA certificates generated for itself.
Similarly, the Local Cluster has authentication implemented with CA certificates generated for itself.
In the Local Cluster, the elasticsearch.yml file has the below entries:
xpack.license.self_generated.type: basic
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /mnt/elasticsearch-7.8.0/config/certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /mnt/elasticsearch-7.8.0/config/certs/elastic-certificates.p12
cluster.remote.cluster_rmt.seeds: 172.22.11.74:9300
cluster.remote.cluster_rmt.transport.ping_schedule: 60s
The Remote Cluster has:
xpack.license.self_generated.type: basic
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /mnt/elasticsearch-7.8.0/config/certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /mnt/elasticsearch-7.8.0/config/certs/elastic-certificates.p12
xpack.security.transport.ssl.client_authentication: required
Note: Both clusters have independent CA certificates generated using the "elasticsearch-certutil" utility.
When I start the Local Cluster node, I get the below error:
[2020-12-28T11:10:12,634][WARN ][o.e.c.s.DiagnosticTrustManager] [node-1] failed to establish trust with server at [<unknown host>]; the server provided a certificate with subject name [CN=instance] and fingerprint [275fc1cae0eb692423faa56aecbb8056dbbf6308]; the certificate has subject alternative names [IP:172.22.11.74,IP:172.22.11.73]; the certificate is issued by [CN=Elastic Certificate Tool Autogenerated CA]; the certificate is signed by (subject [CN=Elastic Certificate Tool Autogenerated CA] fingerprint [eb9e4643caef03ccdc17bc869615d50ad4c37b85]) which is self-issued; the [CN=Elastic Certificate Tool Autogenerated CA] certificate is not trusted in this ssl context ([xpack.security.transport.ssl]); this ssl context does trust a certificate with subject [CN=Elastic Certificate Tool Autogenerated CA] but the trusted certificate has fingerprint [91686e888ea31302ef38e798a538f7eff623da58]
And at the same time, the remote cluster has the below message:
[2020-12-28T11:09:55,953][WARN ][o.e.x.c.s.t.n.SecurityNetty4Transport] [node-1] client did not trust this server's certificate, closing connection Netty4TcpChannel{localAddress=0.0.0.0/0.0.0.0:9300, remoteAddress=/172.22.11.73:36856}
Could you please guide me to fix this error?
Thanks
Tushar Nemade
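
An added example, not part of the original post and not Elasticsearch code: a small parser for the DiagnosticTrustManager warning quoted above. It extracts the fingerprint of the CA that signed the server's certificate and the fingerprint of the CA held in the local truststore, then classifies the mismatch. The field patterns are assumptions derived from the wording of that one log line, and the function names are hypothetical.

```python
import re

# Warning copied from the post above (local cluster, node-1).
LOG_LINE = (
    "[2020-12-28T11:10:12,634][WARN ][o.e.c.s.DiagnosticTrustManager] [node-1] failed to establish trust "
    "with server at [<unknown host>]; the server provided a certificate with subject name [CN=instance] "
    "and fingerprint [275fc1cae0eb692423faa56aecbb8056dbbf6308]; the certificate has subject alternative "
    "names [IP:172.22.11.74,IP:172.22.11.73]; the certificate is issued by [CN=Elastic Certificate Tool "
    "Autogenerated CA]; the certificate is signed by (subject [CN=Elastic Certificate Tool Autogenerated CA] "
    "fingerprint [eb9e4643caef03ccdc17bc869615d50ad4c37b85]) which is self-issued; the [CN=Elastic "
    "Certificate Tool Autogenerated CA] certificate is not trusted in this ssl context "
    "([xpack.security.transport.ssl]); this ssl context does trust a certificate with subject [CN=Elastic "
    "Certificate Tool Autogenerated CA] but the trusted certificate has fingerprint "
    "[91686e888ea31302ef38e798a538f7eff623da58]"
)

# Assumed field patterns, based only on the wording of the line above.
FIELDS = {
    "leaf_subject": r"certificate with subject name \[([^\]]+)\]",
    "leaf_fp": r"subject name \[[^\]]+\] and fingerprint \[([0-9a-f]+)\]",
    "sans": r"subject alternative names \[([^\]]+)\]",
    "issuer": r"is issued by \[([^\]]+)\]",
    "signer_fp": r"signed by \(subject \[[^\]]+\] fingerprint \[([0-9a-f]+)\]\)",
    "ssl_context": r"not trusted in this ssl context \(\[([^\]]+)\]\)",
    "trusted_subject": r"does trust a certificate with subject \[([^\]]+)\]",
    "trusted_fp": r"trusted certificate has fingerprint \[([0-9a-f]+)\]",
}

def parse_trust_failure(line):
    """Return the fields of a trust-failure warning, or None for any other log line."""
    if "DiagnosticTrustManager" not in line or "failed to establish trust" not in line:
        return None
    info = {}
    for name, pattern in FIELDS.items():
        match = re.search(pattern, line)
        info[name] = match.group(1) if match else None
    info["sans"] = info["sans"].split(",") if info["sans"] else []
    return info

def diagnose(info):
    """Classify the failure by comparing the presented CA with the trusted one."""
    if info["signer_fp"] is None:
        return "signing certificate not reported in the log line"
    if info["trusted_fp"] is None:
        return "issuing CA is absent from the truststore"
    if info["trusted_subject"] == info["issuer"] and info["trusted_fp"] != info["signer_fp"]:
        return "truststore holds a different CA with the same subject name"
    return "unclassified"

if __name__ == "__main__":
    print(diagnose(parse_trust_failure(LOG_LINE)))
```
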