Hi, I set up Elasticsearch on a CentOS 3-node cluster. It worked well until I enabled xpack. I'm using .crt, .key, and ca.crt certs. Here are my config entries:
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: "path to key"
xpack.security.http.ssl.certificate_authorities: "path to ca cert"
xpack.security.http.ssl.certificate: "path to cert"
xpack.security.http.ssl.client_authentication: optional
xpack.security.transport.ssl.verification_mode: certificate (commented out for troubleshooting)
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.key: "path to cert"
xpack.security.transport.ssl.certificate: "path to cert"
xpack.security.transport.ssl.certificate_authorities: [ "path to ca cert" ]
Running curl -XPUT 'localhost:9200/idx',
curl: (52) Empty reply from server
Running:
curl --cert 'path to cert' --key 'path to key' --cacert 'path to ca cert' 'https://localhost:9200/_xpack/security/_authenticate?pretty'
produces:
* NSS error -12276 (SSL_ERROR_BAD_CERT_DOMAIN)
* Unable to communicate securely with peer: requested domain name does not match the server's certificate.
* Closing connection 0
curl: (51) Unable to communicate securely with peer: requested domain name does not match the server's certificate.
Both the host FQDN and cert have the same domain name. What could be the problem?
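For reference, SSL_ERROR_BAD_CERT_DOMAIN is raised when the host name in the requested URL (`localhost` in the curl command above) is not among the names the server certificate lists. The following is an added example, not part of the original post, that sketches that comparison against subjectAltName entries; the host name `es-node1.example.test` and both SAN lists are constructed, and the matching is simplified to SAN-only with a single left-most wildcard.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed SAN lists, in the (kind, value) shape ssl.getpeercert() uses.
FQDN_ONLY = [("DNS", "es-node1.example.test")]
WITH_LOCAL = FQDN_ONLY + [("DNS", "localhost"), ("IP Address", "127.0.0.1")]


def url_host(url):
    """Return the host a TLS client will verify for this URL."""
    return urlsplit(url).hostname


def _dns_match(pattern, host):
    """Exact match, or a wildcard standing for the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # A wildcard covers exactly one label and needs two fixed labels after it.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def host_matches_cert(requested, san_entries):
    """True if the requested host (name or IP literal) is covered by the SANs."""
    try:
        ip = ipaddress.ip_address(requested)
    except ValueError:
        ip = None
    for kind, value in san_entries:
        if ip is not None:
            # IP literals are only compared with IP SANs, never DNS names.
            if kind == "IP Address" and ipaddress.ip_address(value) == ip:
                return True
        elif kind == "DNS" and _dns_match(value, requested):
            return True
    return False


if __name__ == "__main__":
    for url in ("https://localhost:9200/_xpack/security/_authenticate?pretty",
                "https://es-node1.example.test:9200/",
                "https://127.0.0.1:9200/"):
        host = url_host(url)
        for label, sans in (("FQDN_ONLY", FQDN_ONLY), ("WITH_LOCAL", WITH_LOCAL)):
            ok = host_matches_cert(host, sans)
            print(f"{host:24} {label:10} {'match' if ok else 'MISMATCH'}")
```

The names a real certificate carries can be listed with `openssl x509 -in <cert> -noout -text` and compared with the host part of the URL being requested.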