I am setting Elasticsearch 7.12 cluster for the first time and i see below errors:
There seems to be some xpack setup issue:
`$ bin/Elasticsearch-setup-passwords interactive
warning: usage of JAVA_HOME is deprecated, use ES_JAVA_HOME
08:51:29.774 [main] DEPRECATION org.Elasticsearch.deprecation.common.settings.Settings - [keystore.password] setting was deprecated in Elasticsearch and will be removed in a future release! See the breaking changes documentation for the next major version.
08:51:29.781 [main] DEPRECATION org.Elasticsearch.deprecation.common.settings.Settings - [keystore.password] setting was deprecated in Elasticsearch and will be removed in a future release! See the breaking changes documentation for the next major version.
08:51:30.686 [main] WARN org.Elasticsearch.common.ssl.DiagnosticTrustManager - failed to establish trust with server at [10.203.36.162]; the server provided a certificate with subject name [C=US,ST=California,O=Apple Inc.,OU=management:idms.group.949016,CN=rn-boltd-lapp18.rno.apple.com] and fingerprint [8cb0da0a39b2df3b80ca3a8c4613c888b6f22f32]; the certificate has subject alternative names [DNS:rn-boltd-lapp18.rno.apple.com]; the certificate is issued by [C=US,O=Apple Inc.,OU=Certification Authority,CN=Apple Corporate Server CA 1]; the certificate is signed by (subject [C=US,O=Apple Inc.,OU=Certification Authority,CN=Apple Corporate Server CA 1] fingerprint [ba688c9b20190e2fa4edad752275fd4837bedcff]) signed by (subject [C=US,O=Apple Inc.,OU=Certification Authority,CN=Apple Corporate Root CA] fingerprint [a171dcdee08b1bae30a1ae6cc6d4033bfdef91ce] {trusted issuer}) which is self-issued; the [C=US,O=Apple Inc.,OU=Certification Authority,CN=Apple Corporate Root CA] certificate is trusted in this ssl context ([xpack.security.http.ssl])
java.security.cert.CertificateException: No subject alternative names matching IP address 10.203.36.162 found
at sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:160) ~[?:?]
at sun.security.util.HostnameChecker.match(HostnameChecker.java:96) ~[?:?]
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455) ~[?:?]
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:429) ~[?:?]
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229) ~[?:?]
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129) ~[?:?]
at org.Elasticsearch.common.ssl.DiagnosticTrustManager.checkServerTrusted(DiagnosticTrustManager.java:79) [Elasticsearch-ssl-config-7.12.1.jar:7.12.1]
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:625) [?:?]
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:460) [?:?]
at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:360) [?:?]`
Below is my Elasticsearch.yml file:
`
cluster.name: bolt_elastic_stg_x
http.host: rn-XYXABC.XYZ.com
network.host: rn-XYXABC.XYZ.com
transport.tcp.port: 9300
node.name: MASTER1
node.master: true
node.data: true
http.port: 9200
discovery.zen.ping.unicast.hosts: ["rn-XYXABC.XYZ.com:9300", "rn-boltd-server2:9300","rn-boltd-server3:9300"]
path.data: /ngs/app/boltd/Elasticsearch/data
path.logs: /ngs/app/boltd/Elasticsearch/logs
bootstrap.system_call_filter: false
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.supported_protocols: TLSv1.2
xpack.security.http.ssl.client_authentication: optional
xpack.security.http.ssl.keystore.password: testpassword
xpack.security.http.ssl.keystore.path: /ngs/app/boltd/Elasticsearch/Elasticsearch-7.12.1/config/keystore/keystore.jks
xpack.security.transport.ssl.keystore.password: boltelastic
xpack.security.transport.ssl.keystore.path: /ngs/app/boltd/Elasticsearch/Elasticsearch-7.12.1/config/keystore/keystore.jks
xpack.security.transport.ssl.enabled: true
xpack.security.authc.realms:
ldap.ldap1:
order: 1
url: "ldaps://ldap.example.com/"
user_dn_templates:
- "cn={0}, ou=users, o=marketing, dc=example, dc=com"
- "cn={0}, ou=users, o=engineering, dc=example, dc=com"
#xpack.security.authc.realms.ssl.type: pki
xpack.security.transport.ssl.verification_mode: certificate
#xpack.security.authc.realms.ssl.order: 0
-bash-4.2$ `
pls help here