Recently we installed 5 nodes as an Elasticsearch 8.14 cluster in Azure virtual machine. Then initiated one Azure application gateway as load balancer for the Elasticsearch cluster. Need to upload es cluster ssl certificate in Azure application gateway.
I uploaded http_ca.crt, converted it as http_ca.cer, uploaded it into Azure application gateway. As the below screenshot from Azure application gateway, it failed to connect to es cluster. How to generate es ssl cert for Azure application gateway? Who can give me more detailed guide?
The error seems to be indicating that certificate is not providing a matched common name which you're using to access elasticsearch.
That's pretty common problem.
You need to create the HTTPS certificate That contains the common name, DNS name, and or IP addresses that you're going to use to access the elasticsearch services.from the load balancer
Then I need to substitute the http.p12 with the newly-generated p12 file in each node, extract the CA file from elastic-stack-ca.p12, upload the CA file to Azure application gateway. Right?
Well, only if you want to send an authenticated request.... you can use an API key... in the Header and hit health endpoint. Once locked down everything is authenticated...
Thanks for your kind guide.
I did what you suggested in master node. But while I executed "/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node", I faced another issue. What should I do?
Unable to create enrollment token for scope [node]
ERROR: Unable to create an enrollment token. Elasticsearch node HTTP layer SSL configuration Keystore doesn't contain any PrivateKey entries where the associated certificate is a CA certificate, with exit code 73
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
