Hi All,
I want to store snapshots in S3 storage that requires mutual auth (mTLS). (Note: the S3 is MinIO-based.)
I have client.crt, client.key and root.crt on the client side.
I tried these steps:
1. openssl pkcs12 -export -inkey client.key -in client.crt -out $keystore_pkcs12 -password pass:$password && /usr/share/elasticsearch/jdk/bin/keytool -importkeystore -noprompt -srckeystore $keystore_pkcs12 -srcstoretype pkcs12 -destkeystore $keystore_jks -storepass $password -srcstorepass $password
2. /usr/share/elasticsearch/jdk/bin/keytool -import -alias mycert -file root.crt -keystore $truststore_jks -deststorepass $password -noprompt
3. Added the access key and secret key to the Elasticsearch keystore
4. JVM settings:
-Djavax.net.ssl.trustStore=path to truststore.jks
-Djavax.net.ssl.trustStorePassword=changeit
-Djavax.net.ssl.trustStoreType=jks
-Djavax.net.ssl.keyStore=path to keystore.jks
-Djavax.net.ssl.keyStorePassword=changeit
-Djavax.net.ssl.keyStoreType=jks
When I tried to create a bucket:
PUT _snapshot/my_s3_repository
{
  "type": "s3",
  "settings": {
    "bucket": "moss123",
    "endpoint": "s3.dev2.srv.prod.ksn-net.com"
  }
}
Output:
{
  "error": {
    "root_cause": [
      {
        "type": "repository_verification_exception",
        "reason": "[my_s3_repository] path is not accessible on master node"
      }
    ],
    "type": "repository_verification_exception",
    "reason": "[my_s3_repository] path is not accessible on master node",
    "caused_by": {
      "type": "i_o_exception",
      "reason": "Unable to upload object [tests-mK_2xuEeTHeKLpxWJidD_g/master.dat] using a single upload",
      "caused_by": {
        "type": "amazon_s3_exception",
        "reason": "SSL Certificate Required (Service: Amazon S3; Status Code: 496; Error Code: 496 SSL Certificate Required; Request ID: null; S3 Extended Request ID: null)"
      }
    }
  },
  "status": 500
}
I don't really know what to do here. I have been stuck on this for days. Can anyone please help me with this?
I also tried replacing the keystore creation with:
cat client.crt root.crt >> import.pem && openssl pkcs12 -export -inkey $keyfile -in import.pem -out $keystore_pkcs12 -name shared -password pass:$password && /usr/share/elasticsearch/jdk/bin/keytool -importkeystore -noprompt -srckeystore $keystore_pkcs12 -srcstoretype pkcs12 -destkeystore $keystore_jks -storepass $password -srcstorepass $password -alias shared
No luck. Same error.
Thanks
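
Added example, not part of the original post: shell functions that check the client material from the steps above before it is converted to a JKS keystore, namely that client.key matches client.crt, that client.crt chains to root.crt, and that the PKCS#12 bundle really contains a private key. The function names and the throwaway CA are constructed for illustration; only the openssl CLI is assumed.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks on mTLS client material. File names follow
# the post; every function name here is hypothetical.

# Create a throwaway CA and client pair in directory $1 (constructed sample data).
make_constructed_material() {
  local d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=constructed-root" \
    -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null &&
  openssl req -newkey rsa:2048 -nodes -subj "/CN=constructed-client" \
    -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null &&
  openssl x509 -req -in "$d/client.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
    -CAcreateserial -days 1 -out "$d/client.crt" 2>/dev/null
}

# 0 if private key $1 and certificate $2 carry the same public key.
key_matches_cert() {
  local k c
  k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
  c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
  [ -n "$k" ] && [ "$k" = "$c" ]
}

# 0 if certificate $2 chains to root $1.
cert_chains_to_root() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# 0 if PKCS#12 file $1 (password $2) holds both a certificate and a private key.
# A bundle with certificates only cannot be used for client authentication.
p12_has_key_and_cert() {
  local certs keys
  certs=$(openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null) || return 2
  keys=$(openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null) || return 2
  case $certs in *"BEGIN CERTIFICATE"*) ;; *) return 1 ;; esac
  case $keys in *"PRIVATE KEY"*) ;; *) return 1 ;; esac
}

# Run all checks: preflight client.key client.crt root.crt keystore.p12 password
preflight() {
  key_matches_cert "$1" "$2"     || { echo "key and certificate do not match"; return 1; }
  cert_chains_to_root "$3" "$2"  || { echo "certificate does not chain to root"; return 1; }
  p12_has_key_and_cert "$4" "$5" || { echo "PKCS#12 lacks key or certificate"; return 1; }
  echo "client material is consistent"
}
```

If all three checks pass, the files themselves are consistent; whether the process making the S3 connection actually presents that keystore is a separate question these checks do not answer.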