I'm running ES "7.4.0". I've installed it by myself.
Eventually I edited bin\elasticsearch.bat file and launched ES from command line. The output indeed contains the Certificate
, but I have no expertise to claim if it works as you expected. Can you please check the below output and reply?
Using SSLEngineImpl.
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
elasticsearch[DANIELS-HRLP][http_server_worker][T#3], READ: TLSv1.2 Handshake, length = 142
*** ClientHello, TLSv1.2
RandomCookie: GMT: 1586348129 bytes = { 7, 158, 143, 229, 133, 44, 172, 157, 235, 158, 191, 198, 164, 223, 22, 22, 222, 184, 53, 229, 80, 101, 196, 55, 26, 12, 137, 30 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {unknown curve 29, secp256r1, secp384r1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA256withRSA, SHA384withRSA, SHA1withRSA, SHA256withECDSA, SHA384withECDSA, SHA1withECDSA, SHA1withDSA, SHA512withRSA, SHA512withECDSA
Unsupported extension type_35, data:
Extension extended_master_secret
Extension renegotiation_info, renegotiated_connection: <empty>
***
%% Initialized: [Session-2, SSL_NULL_WITH_NULL_NULL]
Standard ciphersuite chosen: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
%% Negotiating: [Session-2, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384]
*** ServerHello, TLSv1.2
RandomCookie: GMT: 1586348129 bytes = { 150, 117, 99, 53, 221, 70, 49, 142, 235, 227, 251, 188, 49, 63, 92, 176, 96, 234, 213, 0, 177, 208, 164, 55, 130, 175, 164, 200 }
Session ID: {95, 142, 192, 97, 235, 233, 173, 102, 190, 101, 160, 199, 64, 254, 83, 69, 193, 178, 187, 50, 17, 90, 44, 189, 29, 29, 71, 249, 23, 89, 147, 243}
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
Extension extended_master_secret
***
Cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: CN=instance
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 2048 bits
modulus: 17339886944325530558202443720358344879439047534889386346318357967262331383966095545655428747520682500883334211781901276174982747348954783590757911297900500102938690218140226726992815557172532131863894853270381383637415822868871339187419766415195433420236532818876970462758404356176782008512898162845916076003312372923083663040486401363551406210114674646758744281114098008882890154276800272681906334379527527779199726049722239387213880783566646912837609021273607991252783517932538298227034667284170510889648818375102223472312623211370128045338757452619904598495599783495786718579027307925805255097609764074717329821201
public exponent: 65537
Validity: [From: Sun Oct 18 20:07:36 IDT 2020,
To: Wed Oct 18 20:07:36 IDT 2023]
Issuer: CN=Elastic Certificate Tool Autogenerated CA
SerialNumber: [ 2f3da8f6 e780d9d8 139983f7 44641e2f 2d5a777b]
Certificate Extensions: 3
[1]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: BD 77 6E 72 E4 F7 50 B3 59 16 8F F7 4F 21 5A 08 .wnr..P.Y...O!Z.
0010: 62 F1 C2 6D b..m
]
]
[2]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
]
[3]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 34 8F 0E 3A DA FD 6A 1A 02 E6 98 66 12 92 53 30 4..:..j....f..S0
0010: 1C C5 ED CE ....
]
]
]
Algorithm: [SHA256withRSA]
Signature:
0000: 2A 2A 31 F6 54 FD 25 98 FA 75 64 1A EA 77 FC 0B **1.T.%..ud..w..
0010: 04 36 38 06 DC 9C 69 09 CC 80 AF C4 A3 04 06 B0 .68...i.........
0020: 1D 36 47 DE F4 F8 FB 7E B0 7E 0E 8D 5A E4 16 87 .6G.........Z...
0030: D0 84 4E AD 20 2A E8 CF 8E 84 2D 6C A0 5A 14 E3 ..N. *....-l.Z..
0040: 4C 92 F2 61 CA A1 79 59 B9 3F 7C F7 03 FE B6 91 L..a..yY.?......
0050: E8 F6 0A 6F EE 7E AE D5 13 B4 D0 AF 67 5C 32 9A ...o........g\2.
0060: F9 05 75 BE 28 28 7E A9 CE D6 4F A4 90 F9 E4 C7 ..u.((....O.....
0070: 55 05 83 46 E7 7A 3A 1B F2 0A FE 14 DD 70 D8 47 U..F.z:......p.G
0080: C2 CE DE 62 46 25 16 D0 EB 11 BA 1D 8F 1D EA 6A ...bF%.........j
0090: 76 0D E4 BA 40 83 9F 3E 1E D2 F4 11 AA F7 68 3D v...@..>......h=
00A0: F0 0D E1 EA F2 BC 29 5D 97 91 FC 84 D8 10 49 6B ......)]......Ik
00B0: 71 AB F7 02 D4 C1 6F BB 1F 05 44 32 20 78 A4 11 q.....o...D2 x..
00C0: 83 D9 62 00 25 C8 AB 6D 59 5A 0B C0 15 AB 17 01 ..b.%..mYZ......
00D0: D5 E3 51 03 4E B0 1E A0 94 D6 AD D2 06 8D 28 4A ..Q.N.........(J
00E0: 04 F4 15 76 D3 8C 87 68 7B CB F4 E5 96 AB 83 1A ...v...h........
00F0: 34 51 BE 83 65 89 47 74 21 FE D4 F6 84 8B 4B 4D 4Q..e.Gt!.....KM
]
chain [1] = [
[
Version: V3
Subject: CN=Elastic Certificate Tool Autogenerated CA
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 2048 bits
modulus: 20994180528997898935323779891755216516753753319468430641704669575194834315119893382939525703587130447092126985286605968792018283876486705923654540568549800734171492095704388087663418756790091283104937796049675050286011599259137947783157116071155104227272769428594439079155744910120936903631953889635362158877700477678081959024315588387754014525050542610228114833885332911769617925234385073443225001776646665911623887362041714617288290718366561508089654408453552564007247855937719551622188549305633478037266503726892034519888772095207592338686657870190919351615116130848550277785499876223423704931086080764689071230007
public exponent: 65537
Validity: [From: Sun Oct 18 20:02:16 IDT 2020,
To: Wed Oct 18 20:02:16 IDT 2023]
Issuer: CN=Elastic Certificate Tool Autogenerated CA
SerialNumber: [ b9c11120 55e72f47 c30916f2 be1e452e bd51363d]
Certificate Extensions: 3
[1]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: BD 77 6E 72 E4 F7 50 B3 59 16 8F F7 4F 21 5A 08 .wnr..P.Y...O!Z.
0010: 62 F1 C2 6D b..m
]
]
[2]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]
[3]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: BD 77 6E 72 E4 F7 50 B3 59 16 8F F7 4F 21 5A 08 .wnr..P.Y...O!Z.
0010: 62 F1 C2 6D b..m
]
]
]
Algorithm: [SHA256withRSA]
Signature:
0000: 44 F5 99 A4 DD 55 09 85 9E D6 40 89 C0 40 96 93 D....U....@..@..
0010: C6 6F 66 FD 59 8F 8A 16 2D 89 3D B8 5E EF A5 55 .of.Y...-.=.^..U
0020: DC 51 55 22 C8 3A B8 AF 65 16 79 7C 2D A2 7D DD .QU".:..e.y.-...
0030: D4 C2 D3 F5 2C 83 13 B0 CC 58 3F FC 65 D5 3A 63 ....,....X?.e.:c
0040: B6 50 AC F2 C6 52 85 95 60 F7 E3 5A B0 DE B5 7D .P...R..`..Z....
0050: E4 E7 7B E5 B1 11 3A 48 1E 6B 3C F3 43 90 93 BC ......:H.k<.C...
0060: C1 A4 87 7C E9 FA E6 CA 70 A4 D7 29 49 21 0E 38 ........p..)I!.8
0070: 57 E8 F8 FE 3E 6E 7D 79 0D DF B0 5D 48 03 E1 BD W...>n.y...]H...
0080: A2 0A 38 C4 4F 39 62 E7 2C DF 8E 60 B0 DB C8 27 ..8.O9b.,..`...'
0090: A7 D3 41 82 13 45 27 F7 95 39 04 C7 97 B7 C3 70 ..A..E'..9.....p
00A0: 55 A7 0A 58 E9 0A 31 D8 46 D2 A2 A6 F1 A7 D3 1C U..X..1.F.......
00B0: 0E 99 28 45 36 C0 56 0D 11 5E 5F FB 17 2D 2B 91 ..(E6.V..^_..-+.
00C0: BE 59 0A FF 3C C8 D5 BB 97 6E 8C 2F AD 27 BF FD .Y..<....n./.'..
00D0: C1 68 55 A1 A6 5E 91 3B DC 2F 18 89 13 E0 0A 88 .hU..^.;./......
00E0: D1 8B 83 89 3F 9B 21 9C CD FE B3 46 E0 7E DB 42 ....?.!....F...B
00F0: F9 C7 AC 45 FB D8 14 18 62 92 63 B4 34 7B 85 74 ...E....b.c.4..t
]