I am trying to connect to Elasticsearch 6.8.0 via TransportClient (TLS enabled). I created a CA with the command "./bin/elasticsearch-certutil ca --pem", then I unzipped the zip file and moved the ca profile to the elasticsearch/config/ directory.
Then I created instance.crt and instance.key with the command "./bin/elasticsearch-certutil cert --ca-cert config/ca/ca.crt --ca-key config/ca/ca.key --pem", unzipped instance.zip and moved the instance profile to the elasticsearch/config/ directory.
This is the configuration used in my elasticsearch.yml:
Then I copied ca.crt, instance.key and instance.crt to the other computer, from which I want to connect to the ES cluster with the Java API.
This is the code:
Settings.Builder builder = Settings.builder();
builder.put("cluster.name", es_server_clustername);
builder.put("xpack.security.user", "username:password");
builder.put("xpack.ssl.key", "/mypath/instance.key");
builder.put("xpack.ssl.certificate", "/mypath/instance.crt");
builder.put("xpack.ssl.certificate_authorities", "/mypath/ca.crt");
builder.put("xpack.security.transport.ssl.enabled", "true");
Settings settings = builder.build();
client = new PreBuiltXPackTransportClient(settings);
While connecting the transport client I get the error below on Elasticsearch:
[2019-06-19T18:50:56,309][WARN ][o.e.x.c.s.t.n.SecurityNetty4Transport] [jo-2] client did not trust this server's certificate, closing connection Netty4TcpChannel{localAddress=0.0.0.0/0.0.0.0:9300, remoteAddress=/172.x.x.xxx:63194}
I think I configured it according to the ES documentation; can you tell me what the problem is?
I strongly discourage using the same certificate+key for both the server and client. I would recommend that you create a new "client" cert using the same CA cert.
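An added example, not from the original thread or from Elastic: a JDK-only preflight that checks offline whether the CA file copied to the client machine actually signed the node certificate, whether the client certificate is a separate one issued by the same CA, and which subject alternative names the node certificate carries. The class name and the three file-path arguments (including a separate client.crt) are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;

// Added example (hypothetical class name): offline check of the PEM files
// that the transport client is configured with. Uses only the JDK.
public class TransportTlsPreflight {

    // Read one PEM-encoded certificate from disk.
    static X509Certificate load(String path) throws Exception {
        byte[] pem = Files.readAllBytes(Paths.get(path));
        return (X509Certificate) CertificateFactory.getInstance("X.509")
                .generateCertificate(new ByteArrayInputStream(pem));
    }

    // True when cert is inside its validity window and its signature verifies under ca's key.
    static boolean issuedBy(X509Certificate cert, X509Certificate ca) {
        try {
            cert.checkValidity();
            cert.verify(ca.getPublicKey());
            return true;
        } catch (Exception e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: TransportTlsPreflight <ca.crt> <node instance.crt> <client.crt>");
            System.exit(2);
        }
        X509Certificate ca = load(args[0]);
        X509Certificate node = load(args[1]);
        X509Certificate client = load(args[2]);

        // A "false" on the first line means the CA file on the client cannot validate the node.
        System.out.println("node cert issued by CA:   " + issuedBy(node, ca));
        System.out.println("client cert issued by CA: " + issuedBy(client, ca));
        // "true" here means the client presents the node's own certificate.
        System.out.println("client reuses node cert:  " + client.equals(node));
        // With verification_mode "full" the address the client dials must match a SAN entry.
        Collection<List<?>> sans = node.getSubjectAlternativeNames(); // null when there is no SAN extension
        System.out.println("node cert SANs:           " + (sans == null ? "none" : sans));
    }
}
```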