Hi,
Recently I set up ssl for HTTP and TCP in elasticsearch but I'm constantly getting below error when trying to call elastic API
curl -k --cert MY_CERT.pem:Password 'https://localhost:9200/_xpack/security/_authenticate?pretty'
Error:
"error" : {
"root_cause" : [
{
"type" : "security_exception",
"reason" : "missing authentication credentials for REST request [/_xpack/security/_authenticate?pretty]",
"header" : {
"WWW-Authenticate" : [
"Bearer realm=\"security\"",
"ApiKey",
"Basic realm=\"security\" charset=\"UTF-8\""
]
}
}
],
"type" : "security_exception",
"reason" : "missing authentication credentials for REST request [/_xpack/security/_authenticate?pretty]",
"header" : {
"WWW-Authenticate" : [
"Bearer realm=\"security\"",
"ApiKey",
"Basic realm=\"security\" charset=\"UTF-8\""
]
}
},
"status" : 401
}
Elastic config:
cluster.name: local_test_cluster
node.name: master_main
network.host: 0.0.0.0
bootstrap.memory_lock: true
node.master: true
node.data: false
discovery.seed_hosts: localhost:9300
cluster.initial_master_nodes: master_main
xpack:
security:
enabled: true
transport:
ssl:
enabled: true
verification_mode: certificate
keystore:
path: certs/cert.p12
password: xyz
type: PKCS12
truststore:
path: certs/cert.p12
password: xyz
type: PKCS12
http:
ssl:
enabled: true
verification_mode: certificate
client_authentication: optional
keystore:
path: certs/cert.p12
password: xyz
type: PKCS12
truststore:
path: certs/cert.p12
password: XYZ
type: PKCS12
monitoring:
enabled: true
I've tried running:
bin/elasticsearch-setup-passwords interactive
and then
curl -k --cert MY_CERT.pem:PASWORD -u elastic:password 'https://localhost:9200/_xpack/security/_authenticate?pretty'
but then I'm getting:
{
"error" : {
"root_cause" : [
{
"type" : "security_exception",
"reason" : "failed to authenticate user [elastic]",
"header" : {
"WWW-Authenticate" : [
"Bearer realm=\"security\"",
"ApiKey",
"Basic realm=\"security\" charset=\"UTF-8\""
]
}
}
],
"type" : "security_exception",
"reason" : "failed to authenticate user [elastic]",
"header" : {
"WWW-Authenticate" : [
"Bearer realm=\"security\"",
"ApiKey",
"Basic realm=\"security\" charset=\"UTF-8\""
]
}
},
"status" : 401
}
Even if that worked then Id have to do this in my target environment where elastic is deployed and I cannot do that. Can someone help on this one?