Host name "<ip addr>" does not match certificate subject provided by peer


(ZillaG) #1

ES v2.4.1 and corresponding v2.4.1 Searchguard-SSL and Searchguard plugins

i used the Searchguard SSL script to generate my cert/key/jks files, with modifications to the DN. I copied the *.jks file to /etc/elasticsearch.

I have Logstash setup to index into ES, with the output setup this way

    output {
      elasticsearch {
        user => logstash
        password => 'pw'
        ssl => true
        ssl_certificate_verification => true
        truststore => "/etc/elasticsearch/truststore.jks"
        truststore_password => pw
        hosts => ["https://10.x.x.26:9200"]
        index => "logstash-%{customer}"
      }
  }

I get the following from the logstash logs

"Host name '10.x.x.26' does not match the certificate subject provided by the peer (CN=10.x.x.26, OU=Company, O=DevOps, L=Raleigh, C=US)",

How do I fix this?


(Zachary Tong) #2

I think you'll likely have better luck asking over at the Searchguard repo. Since this is an unofficial plugin, we don't really know much about it :slight_smile:


(ZillaG) #3

Ok thanks. I posted on the SG group.


(Sam Mingo) #4

The link to the Search Guard forum question: https://groups.google.com/forum/#!topic/search-guard/H-gksaA4z7g.


(system) #5