Elasticsearch curl output returning error

Hi all,

I am trying to set up an ELK cluster on version 7.16 with X-Pack enabled and SSL certificates configured.

I am doing it on Ubuntu, where we have Ansible code to deploy the stack, which was developed by a person earlier, and I am using the same.
Based on my knowledge things are working fine, but when executing the Elasticsearch curl with localhost I am getting the error below, whereas with looks fine.

curl -ks -u  -XGET https://localhost:9200/_cluster/health?pretty
  "error" : {
    "root_cause" : [
        "type" : "security_exception",
        "reason" : "unable to authenticate user [elastic] for REST request [/_cluster/health?pretty]",
        "header" : {
          "WWW-Authenticate" : [
            "Basic realm=\"security\" charset=\"UTF-8\"",
            "Bearer realm=\"security\"",
    "type" : "security_exception",
    "reason" : "unable to authenticate user [elastic] for REST request [/_cluster/health?pretty]",
    "header" : {
      "WWW-Authenticate" : [
        "Basic realm=\"security\" charset=\"UTF-8\"",
        "Bearer realm=\"security\"",
  "status" : 401
root@V:/usr/share/elasticsearch/bin# curl -ks -XGET
  "cluster_name" : "elk-test",
  "status" : "green",
  "timed_out" : false,
  "number_of_nodes" : 4,
  "number_of_data_nodes" : 3,
  "active_primary_shards" : 4,
  "active_shards" : 8,
  "relocating_shards" : 0,
  "initializing_shards" : 0,
  "unassigned_shards" : 0,
  "delayed_unassigned_shards" : 0,
  "number_of_pending_tasks" : 0,
  "number_of_in_flight_fetch" : 0,
  "task_max_waiting_in_queue_millis" : 0,
  "active_shards_percent_as_number" : 100.0

Here is my elasticsearch.yml file

node.name: elasticsearch-01
cluster.name: elk-test
network.host: [_local_, _site_]
network.publish_host: "10.*"

http.bind_host: [_local_]
http.publish_host: _local_
http.cors.enabled: true
http.cors.allow-origin: "*"

discovery.zen.ping.unicast.hosts: ["10.*", "10.*", "10.*"]
discovery.zen.minimum_master_nodes: 2
path.data: /data1/elasticsearch
path.logs: /var/log/elasticsearch

xpack.security.enabled: true

xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.supported_protocols: TLSv1.2
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.key: /etc/elasticsearch/ssl/private/elasticsearch-01.key.pem
xpack.security.transport.ssl.certificate: /etc/elasticsearch/ssl/elasticsearch-01.cert.pem
xpack.security.transport.ssl.certificate_authorities: ["/etc/elasticsearch/ssl/elasticsearch-01.cert.pem", "/etc/elasticsearch/ssl/elasticsearch-02.cert.pem", "/etc/elasticsearch/ssl/elasticsearch-03.cert.pem", "/etc/elasticsearch/ssl/logstash-01.cert.pem", "/etc/elasti

xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.supported_protocols: TLSv1.2
xpack.security.http.ssl.key: /etc/elasticsearch/ssl/private/elasticsearch-01.key.pem
xpack.security.http.ssl.certificate: /etc/elasticsearch/ssl/elasticsearch-01.cert.pem

I see the services are up and running and the certificates are self-signed. I suspect something is going wrong but I am unable to figure out where the issue is.

Since ES is not running with localhost, the Kibana URL is not working and I am getting the message "Kibana is not yet ready" from the browser.

Any clue would help me move forward.
