Curl command inside kibana pod:
curl --cacert /usr/share/kibana/config/elasticsearch-certs/ca.crt -v https://clustername-es-http.namespace.svc:30040
* Rebuilt URL to: https://clustername-es-http.namespace.svc:30040/
* Trying 22.214.171.124...
* TCP_NODELAY set
* Connected to clustername-es-http.namespace.svc (126.96.36.199) port 30040 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /usr/share/kibana/config/elasticsearch-certs/ca.crt
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
I think the issue is clear, it is because of ca.crt but I have provided the exact ca.crt which I was using in Elasticsearch.
Could you please help me to debug and resolve the issue.