Host name "<ip addr>" does not match certificate subject provided by peer

ZillaG · October 19, 2016, 8:10pm

ES v2.4.1 and corresponding v2.4.1 Searchguard-SSL and Searchguard plugins

i used the Searchguard SSL script to generate my cert/key/jks files, with modifications to the DN. I copied the *.jks file to /etc/elasticsearch.

I have Logstash setup to index into ES, with the output setup this way

    output {
      elasticsearch {
        user => logstash
        password => 'pw'
        ssl => true
        ssl_certificate_verification => true
        truststore => "/etc/elasticsearch/truststore.jks"
        truststore_password => pw
        hosts => ["https://10.x.x.26:9200"]
        index => "logstash-%{customer}"
      }
  }

I get the following from the logstash logs

"Host name '10.x.x.26' does not match the certificate subject provided by the peer (CN=10.x.x.26, OU=Company, O=DevOps, L=Raleigh, C=US)",

How do I fix this?

polyfractal · October 19, 2016, 8:12pm

I think you'll likely have better luck asking over at the Searchguard repo. Since this is an unofficial plugin, we don't really know much about it

ZillaG · October 19, 2016, 8:58pm

Ok thanks. I posted on the SG group.

slmingol · October 20, 2016, 12:32am

The link to the Search Guard forum question: https://groups.google.com/forum/#!topic/search-guard/H-gksaA4z7g.

Topic		Replies	Views
Elasticsearch filter, ca_file problem Logstash	2	268	November 13, 2022
Does not match the certificate subject provided by the peer Logstash elastic-stack-security	4	4152	March 25, 2021
Logstash monitoring ssl Logstash	2	454	July 7, 2018
Logstash throws out 'Host name does not match the certificate subject provided by the peer' error Logstash elastic-stack-security	3	4745	May 19, 2021
Host name does not match the certificate Elasticsearch elastic-stack-security	5	11537	August 6, 2019

Host name "<ip addr>" does not match certificate subject provided by peer

Related topics