Trying to set up the ELK stack on my on-premise K8S cluster using Helm charts. I have enabled X-Pack security, and both Elasticsearch and Kibana are working fine after enabling transport and HTTP security.
I have used elasticsearch-certutil to create a self-signed certificate.
When I try to run Logstash, I get the following error:
[ERROR][logstash.licensechecker.licensereader] Unable to retrieve license information from license server {:message=>"Host name 'elasticsearch-master' does not match the certificate subject provided by the peer (CN=instance)"}
I am using the same set of certificates for Logstash and have already set the SSL verification_mode to certificate, then why is it validating the hostname?
I have been stuck on this issue and would really appreciate any help.
Thanks for your reply. This setting I saw in the Elasticsearch security settings allows you to disable hostname verification, as I understood it:
You can optionally provide IP addresses or DNS names for each instance. If neither IP addresses nor DNS names are specified, the Elastic Stack products cannot perform hostname verification and you might need to configure the verification_mode security setting to certificate only
You are quoting the documentation for xpack.security.transport.ssl.verification_mode. That has three options (full, certificate, none). As I understand it, xpack.monitoring.elasticsearch.ssl.verification_mode has only two (certificate, which really means full, and none). And yes, folks are aware that this is confusing, but once you have made a less than perfect choice naming something it tends to be pretty hard to fix it without blowing up the installed base.
What finally worked for me was, like you suggested, to blow up the cluster and recreate it using a new certificate where the CN of the certificate matches elasticsearch.hosts.
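The hostname check behind the error in this thread, as an added example that is not part of any post above: it tests which of the names clients connect to are covered by a certificate's SAN entries or, failing that, its CN. The certificate dicts follow the shape of Python's `ssl.SSLSocket.getpeercert()`; the SAN values, host list and CN-fallback rule are assumptions made for illustration.

```python
import ipaddress

def _ip(value):
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return None  # not an IP literal

def _dns_match(pattern, host):
    """Case-insensitive; '*' may only be the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 1 and p[1:] == h[1:]
    return p == h

def covers(cert, host):
    """True if cert (dict shaped like ssl.SSLSocket.getpeercert()) names host."""
    sans = cert.get("subjectAltName", ())
    ip = _ip(host)
    if ip is not None:  # IP hosts are compared against IP SANs only
        return any(k == "IP Address" and _ip(v) == ip for k, v in sans)
    dns = [v for k, v in sans if k == "DNS"]
    if dns:
        return any(_dns_match(d, host) for d in dns)
    # Assumption: CN is consulted only when the certificate has no DNS SAN.
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return any(_dns_match(cn, host) for cn in cns)

def uncovered(cert, hosts):
    """Hostnames a client would connect to that the certificate does not cover."""
    return [h for h in hosts if not covers(cert, h)]

# Constructed sample: the certificate from the error above (CN=instance, no SANs).
CERT_FROM_THREAD = {"subject": ((("commonName", "instance"),),)}
# Constructed sample: a reissued certificate; the SAN values are hypothetical.
CERT_REISSUED = {
    "subject": ((("commonName", "elasticsearch-master"),),),
    "subjectAltName": (("DNS", "elasticsearch-master"), ("IP Address", "192.0.2.10"),
                       ("DNS", "*.elasticsearch-master-headless")),
}
# Hypothetical names clients use to reach the cluster.
HOSTS = ["elasticsearch-master",
         "elasticsearch-master-0.elasticsearch-master-headless", "192.0.2.10"]

if __name__ == "__main__":
    print(uncovered(CERT_FROM_THREAD, HOSTS), uncovered(CERT_REISSUED, HOSTS))
```

Running the same check against the real list of service names before issuing certificates shows which DNS or IP entries each instance needs.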