Docker services use their internal DNS to resolve "elasticsearch", so I can point kibana at "https://elasticsearch:9200".
The problem is, I have to set verification mode to "certificate" because the https certificate is for my domain, not for "elasticsearch".
I googled "subject alternative names" and it doesn't look like I can generate a certificate (I'm using letsencrypt) for "elasticsearch" - because anyone could do that!
So, if I'm using docker, and dns resolution is via docker, must we always use certificate instead of full? Or is there something else I'm missing?
Is it possible to use both a real certificate + key so it resolves to a public domain name, and a self-signed certificate + key with CA that signed it (as the docs show), so that I can have the best of both worlds?
Publicly I would be able to visit this on https by it's domain name, and then Kibana could use full verification mode when talking to Elasticsearch internally within docker.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.