Host name "<ip addr>" does not match certificate subject provided by peer

ZillaG · October 19, 2016, 8:10pm

ES v2.4.1 and corresponding v2.4.1 Searchguard-SSL and Searchguard plugins

i used the Searchguard SSL script to generate my cert/key/jks files, with modifications to the DN. I copied the *.jks file to /etc/elasticsearch.

I have Logstash setup to index into ES, with the output setup this way

    output {
      elasticsearch {
        user => logstash
        password => 'pw'
        ssl => true
        ssl_certificate_verification => true
        truststore => "/etc/elasticsearch/truststore.jks"
        truststore_password => pw
        hosts => ["https://10.x.x.26:9200"]
        index => "logstash-%{customer}"
      }
  }

I get the following from the logstash logs

"Host name '10.x.x.26' does not match the certificate subject provided by the peer (CN=10.x.x.26, OU=Company, O=DevOps, L=Raleigh, C=US)",

How do I fix this?

polyfractal · October 19, 2016, 8:12pm

I think you'll likely have better luck asking over at the Searchguard repo. Since this is an unofficial plugin, we don't really know much about it

ZillaG · October 19, 2016, 8:58pm

Ok thanks. I posted on the SG group.

slmingol · October 20, 2016, 12:32am

The link to the Search Guard forum question: https://groups.google.com/forum/#!topic/search-guard/H-gksaA4z7g.