@TimV I created those certificates again with the "--ip" parameter and then tried again setting up the password through "elastic-setup-passwords".
But, this time I received the following error:
"SSL connection to https://10.12.218.37:9200/_xpack/security/_authenticate?pretty failed: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Please check the elasticsearch SSL settings under xpack.security.http.ssl. "
I have already set those parameters in config file.
Currently, I am able to open the node in the browser with the link: https://10.12.218.37:9200
But, for all the username and password combination it is failing and I am unable to access the cluster..
I tried setting up the "elastic" username's password by setting up the bootstrap password:
sudo bin/elasticsearch-keystore add "bootstrap.password"
I also tried adding few more superusers with the following command:
sudo bin/elasticsearch-users useradd user -p password -r superuser
Those users are added properly as I am able to confirm it with then following command:
sudo bin/elasticsearch-users list
Still, I am unable to access my clusters as adding those username and passwords is not giving me access to the cluster.
Below is the config file:
'''
cluster.name: elasticsearch
node.name: udl47Q8
node.master: true
node.data: true
node.attr.rack: dfw
cluster.routing.allocation.awareness.force.cloud.values: rack
path.data: /data/elasticsearch
path.logs: /data/log/elasticsearch
bootstrap.memory_lock: true
network.host: 10.12.218.37
http.port: 9200
discovery.zen.ping.unicast.hosts: ["10.12.11.60", "10.12.15.110", "10.12.137.203", "10.12.11.89", "10.12.11.97", "10.12.120.219", "10.12.11.57", "10.12.15.92", "10.12.14.20", "10.12.15.178", "10.12.15.179", "10.12.30.211", "10.12.30.209", "10.12.30.210", "10.12.30.201","10.12.11.118", "10.12.13.103", "10.12.30.202", "10.12.24.223"]
#discovery.zen.minimum_master_nodes: 2
#gateway.recover_after_nodes: 3
#gateway.expected_nodes: 1
action.destructive_requires_name: true
http.cors.allow-origin: "*"
http.cors.enabled: true
#settings for x-pack
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /usr/local/etc/elasticsearch/elastic-stack-ca.p12
xpack.security.transport.ssl.truststore.path: /usr/local/etc/elasticsearch/elastic-stack-ca.p12
xpack.security.http.ssl.enabled : true
xpack.security.http.ssl.verification_mode: full
xpack.security.http.ssl.keystore.path: /usr/local/etc/elasticsearch/elastic-stack-ca.p12
xpack.security.http.ssl.truststore.path: /usr/local/etc/elasticsearch/elastic-stack-ca.p12
action.auto_create_index: .security,.monitoring*,.watches,.triggered_watches,.watcher-history*,.ml*
'''
In my logs, I am also receiving the following error:
" Caused by: io.netty.handler.ssl.NotSslRecordException: not an SSL/TLS record elasticsearch "