Elasticsearch6.8.0 verify global certificate exception

sunweiconfidence · July 17, 2019, 5:50am

hi,

when i configure 3 nodes to enable internode communication, i use pfx and p12 certificate from applying global cert,
now i meet with below exception when start 3 nodes elasticsearch service

error1 error2

btw, i use self signed cert is ok for 3 nodes
my elasticsearch.yml as below:
# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
# Before you set out to tweak and tune the configuration, make sure you
# understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please see the documentation for further information on configuration options:
# http://www.elastic.co/guide/en/elasticsearch/reference/current/setup-configuration.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
cluster.name: Elasticsearch_FailOver
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
node.name: Server1_MASTER
node.master: true
node.data: true
node.ingest: true
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
#path.data: /path/to/data
#
# Path to log files:
#
#path.logs: /path/to/logs
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
network.host: Server1.dnssuffix
#
# Set a custom port for HTTP:
#
http.port: 9500
transport.tcp.port: 9501
#
# For more information, see the documentation at:
# http://www.elastic.co/guide/en/elasticsearch/reference/current/modules-network.html
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when new node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
discovery.zen.ping.unicast.hosts: ["Server1.dnssuffix:9501","Server2.dnssuffix:9501","Server3.dnssuffix:9501"]
# Prevent the "split brain" by configuring the majority of nodes (total number of nodes / 2 + 1):
#
discovery.zen.minimum_master_nodes: 2
discovery.zen.ping_timeout: 5m
discovery.zen.fd.ping_retries: 5
#
# For more information, see the documentation at:
# http://www.elastic.co/guide/en/elasticsearch/reference/current/modules-discovery.html
#
# ---------------------------------- Gateway -----------------------------------
#
# Block initial recovery after a full cluster restart until N nodes are started:
#
#gateway.recover_after_nodes: 3
#
# For more information, see the documentation at:
# http://www.elastic.co/guide/en/elasticsearch/reference/current/modules-gateway.html
#
# ---------------------------------- Various -----------------------------------
#
# Disable starting multiple nodes on a single system:
#
#node.max_local_storage_nodes: 1
#
# Require explicit names when deleting indices:
#
#action.destructive_requires_name: true

http.cors.allow-origin:  "/.*/"
http.cors.enabled: true
#http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Type
http.type: security4

#x-pack security configuration
xpack.security.enabled: true
xpack.security.http.ssl.supported_protocols: TLSv1.2
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: "Server1.dnssuffix.p12"
xpack.security.http.ssl.truststore.path: "Server1.dnssuffix.p12"
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.supported_protocols: TLSv1.2
xpack.security.transport.ssl.keystore.path: "Server1.dnssuffix.p12"
xpack.security.transport.ssl.truststore.path: "Server1.dnssuffix.p12"

ikakavas · July 22, 2019, 11:32am

Please don't post images of text as they are hard to read, may not display correctly for everyone, and are not searchable. Also please don't post unformatted code /configuration/logs as it's very hard to read.

Instead, paste the text and format it with </> icon or pairs of triple backticks (```), and check the preview window to make sure it's properly formatted before posting it. This makes it more likely that your question will receive a useful answer.

It would be great if you could update your post to solve this.

system · August 19, 2019, 11:32am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.