Godaddy SSL Wildcard Certificate

Hello there, I'm trying to use my GoDaddy wildcard SSL certificate on the ELK stack, but for some reason it is not working. Can someone point me in the right direction? Here is my config:

xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.key: certs/server.key
xpack.security.transport.ssl.certificate: certs/server.crt
xpack.security.transport.ssl.certificate_authorities: [ "certs/server_bundle-g2-g1.crt" ]
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: certs/server.key
xpack.security.http.ssl.certificate: certs/server.crt
xpack.security.http.ssl.certificate_authorities: certs/server_bundle-g2-g1.crt

And this is the message I'm getting:

[WARN ][o.e.h.AbstractHttpServerTransport] [elk] caught exception while handling client http traffic, closing connection Netty4HttpChannel{localAddress=/192.168.10.1:9200, remoteAddress=/172.0.0.10:58625}
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate

PS: When I download the certificate from GoDaddy, I receive this:
93rfs8dhf834hts.crt
93rfs8dhf834hts.pem
gd_bundle-g2-g1.crt
gdig2.crt.pem

Cheers.

@warkolm Can you please help me with that? It looks like the instructions for the certificate on the Elastic page focus only on self-certificate.

Thanks for the attention.

Please don't ping people directly; these forums do not offer any guarantees or commitments. Please be patient in waiting for your answer.

Received fatal alert: bad_certificate

An alert in SSL terms is a message from the other side of the connection. A fatal alert means that the other party is going to terminate the connection.

In this case, the HTTP client at remoteAddress=/172.0.0.10 is saying that it doesn't like your certificate.
I can only guess why that is - the bad_certificate alert doesn't provide any specifics. There's a chance if you look at what is running on 172.0.0.10 there may be more detailed information in the logs.

If I had to guess, then I'd say that the client on that address is connecting to your node using an address (hostname/IP) that is not covered by your wildcard certificate.

1 Like
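
The hostname check suggested in the reply above, as an added example that is not part of the original posts: a simplified version of the name matching a TLS client performs, showing which connection addresses a wildcard certificate covers. The SAN list and function names are constructed assumptions; 192.168.10.1 is the node address from the log.

```python
import ipaddress

# Constructed sample SAN entries (assumption): a typical wildcard certificate.
DNS_SANS = ["*.example.com", "example.com"]
IP_SANS = []  # wildcard certificates normally carry no iPAddress entries

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def dns_name_matches(pattern, host):
    """'*' is honoured only as the entire left-most label and covers exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def covered_by(address, dns_sans=DNS_SANS, ip_sans=IP_SANS):
    """Return (covered, reason) for the host part of the URL a client connects to."""
    if is_ip(address):
        # IP literals are compared with iPAddress entries only, never with DNS patterns.
        if any(ipaddress.ip_address(address) == ipaddress.ip_address(i) for i in ip_sans):
            return True, "matches an IP SAN"
        return False, "IP literal: a wildcard DNS name never covers an IP address"
    for pattern in dns_sans:
        if dns_name_matches(pattern, address):
            return True, "matches " + pattern
    if "." not in address:
        return False, "short hostname is not matched by any SAN entry"
    return False, "no SAN entry matches (a wildcard spans one label only)"

if __name__ == "__main__":
    # 192.168.10.1 is the node's localAddress from the log above; the names are constructed.
    for addr in ["elk.example.com", "example.com", "192.168.10.1", "elk", "es1.prod.example.com"]:
        print(addr, covered_by(addr))
```

To run it against a real certificate, replace the sample lists with the Subject Alternative Name entries printed by `openssl x509 -in certs/server.crt -noout -text`.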
