I have a server that I connect to through <Server-IP-Address>:22226
, my java client uses port 8099, while elasticsearch is installed on docker on the same server but with port 9200. I got the certificate from elasticsearch on the server by using this command to generate the http_ca.crt
:
docker cp esdemo01:/usr/share/elasticsearch/config/certs/http_ca.crt .
Now, the code is working correctly, the Java client can communicate with the elasticsearch and I can use it, only when the Java Client and Elasticsearch are found on the same server, and Java Client is calling elasticsearch through the following uri: localhost:9200
. But as soon as I try to call Elasticsearch from an external Java client, the same exact Java client, using this uri <Server-IP-Address>:9200
, I get the error Host is unreachable
.
First, I thought its an issue with mapping ports after some research, I looked at the elasticsearch logs, I can see that the call is reaching elasticsearch, but its certificate is being refused, the same certificate found on the same Java Client on the Server that is working fine, so, it cant be an issue with mapping ports.
{"@timestamp":"2023-01-20T14:21:11.622Z", "log.level": "WARN", "message":"http client
did not trust this server's
certificate, closing connection Netty4HttpChannel{localAddress=/172.18.0.2:9200,
remoteAddress=/193.227.174.146:57276}", "ecs.version": "1.2.0","service.name":"ES_ECS",
event.dataset":"elasticsearch.server","process.thread.name":"elasticsearch[24f3d2b8b774][transport_worker][T#8]",
"log.logger":"org.elasticsearch.xpack.security.transport.netty4.SecurityNetty4HttpServerTransport",
"elasticsearch.cluster.uuid":"g8TSlBMmS5aBx--9kmniwQ","elasticsearch.node.id":"_3ZfQJXzQse377jHO6JQsA",
"elasticsearch.node.name":"24f3d2b8b774","elasticsearch.cluster.name":"docker-cluster"}
Next, I tested if I can reach elasticsearch on the server using external postman, with SSL certificate disabled, it worked, it returned data, using this command
https://<Server-IP-Address>:9200/_cat/nodes?v&pretty
I am pretty much sure its an issue with creating a certificate for the external Java Client, or the Server, but I cant figure how to do it using docker, I tried following this Elasticsearch guide: Set up basic security for the Elastic Stack | Elasticsearch Guide [8.6] | Elastic, but I failed to follow through. I also tried following this video: Elastic Search Installation | Elasticsearch Rest Java client HTTP and HTTPs Connection with Example - YouTube, but also I failed to follow through with the keytool part, I know that its linux equivelant is openSSL command, but I could not get it to work, an error with the way I written it.