I have 7 node cluster and now i want to add another node for previous nodes i have
- master_node1.crt and master_node1.key
- master_node2.crt and master_node2.key
- master_node3.crt and master_node3.key
- data_node1.crt and data_node1.key
- data_node2.crt and data_node2.key
- data_node3.crt and data_node3.key
- data_node4.crt and master_node4.key
- ca.crt and ca.key
bin/elasticsearch-certutil cert --name ew2 --days 7300 --keysize 2048 --pem --ip xx.xx.xx.xx --out /etc/elasticsearch/ew2.zip
for new node i have the folllowing configuration..the configuration is same as the previous nodes
xpack.security.enabled: true
#xpack.security.audit.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.client_authentication: required
xpack.security.transport.ssl.verification_mode: full
xpack.security.transport.ssl.key: certs/ew2/ew2.key
xpack.security.transport.ssl.certificate: certs/ew2/ew2.crt
xpack.security.transport.ssl.certificate_authorities: certs/ca/ca.crt
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: certs/ew2/ew2.key
xpack.security.http.ssl.certificate: certs/ew2/ew2.crt
xpack.security.http.ssl.certificate_authorities: certs/ca/ca.crt
but i got the warning
[2021-02-27T17:25:24,375][WARN ][o.e.x.c.s.t.n.SecurityNetty4Transport] [em2] client did not trust this server's certificate, closing connection Netty4TcpChannel{localAddress=/master_node_1:9300, remoteAddress=/data_node_4:47046}
How can i generate ssl certificate for new node in existing cluster if i have ca.crt and ca.key file ?
