I am currently setting up a three-node cluster. I got it working successfully without security, which I am now trying to set up.
From the organization I got a signed certificate on the DNS name, which is load balanced externally across all three nodes. After signing I have a DNS cert (with the SAN updated with all three host names), an intermediate cert and a root cert.
Below is my configuration in elasticsearch.yml:
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.key: /apps/elasticsearch/certs/node01-cert.key
xpack.security.transport.ssl.certificate: /apps/elasticsearch/certs/node01-cert.cer
xpack.security.transport.ssl.certificate_authorities: [ "/apps/elasticsearch/certs/root-cert.cer" ]
When I start the cluster I get the error below:
[2018-11-28T16:37:39,298][WARN ][o.e.x.s.t.n.SecurityNetty4ServerTransport] [node01] client did not trust this server's certificate, closing connection NettyTcpChannel{localAddress=0.0.0.0/0.0.0.0:9300, remoteAddress=/1.1.1.1:43166}
Can you please help me understand which root cert this is verified against, or offer any other guidance?
Note: I do not have the CA bundle from the company
Thanks in advance.
Thanks,
Sivakumar
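
An added example, not part of the original post: a check of whether a node certificate chains to a root-only trust store, assuming (the post does not confirm it) that the node certificate was issued by the intermediate rather than directly by the root. Every certificate is constructed in a temporary directory; the file names mirror the post, while the helper names and `es.example.test` are hypothetical.

```shell
#!/usr/bin/env bash
# Constructed demo chain: root -> intermediate -> node. No real certificates are used.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# new_key_csr NAME SUBJECT: write NAME.key and NAME.csr into $WORK
new_key_csr() {
  openssl req -new -newkey rsa:2048 -nodes -keyout "$WORK/$1.key" \
    -out "$WORK/$1.csr" -subj "$2" >/dev/null 2>&1
}
# sign NAME ISSUER EXTFILE SERIAL: issue NAME.cer from NAME.csr using ISSUER's cert and key
sign() {
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/$2.cer" -CAkey "$WORK/$2.key" \
    -set_serial "$4" -extfile "$WORK/$3" -days 30 -out "$WORK/$1.cer" >/dev/null 2>&1
}
make_chain() {
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$WORK/ca.ext"
  printf 'subjectAltName=DNS:es.example.test,DNS:node01,DNS:node02,DNS:node03\n' > "$WORK/node.ext"
  new_key_csr root-cert "/CN=Demo Root CA" &&
  openssl x509 -req -in "$WORK/root-cert.csr" -signkey "$WORK/root-cert.key" \
    -extfile "$WORK/ca.ext" -days 30 -out "$WORK/root-cert.cer" >/dev/null 2>&1 &&
  new_key_csr intermediate-cert "/CN=Demo Intermediate CA" &&
  sign intermediate-cert root-cert ca.ext 2 &&
  new_key_csr node01-cert "/CN=es.example.test" &&
  sign node01-cert intermediate-cert node.ext 3
}

# Root is the only trusted CA and nothing supplies the intermediate.
verify_root_only() {
  openssl verify -CAfile "$WORK/root-cert.cer" "$WORK/node01-cert.cer" >/dev/null 2>&1
}
# Root trusted; intermediate supplied as untrusted chain material,
# as when the presented certificate file carries leaf + intermediate.
verify_with_intermediate() {
  openssl verify -CAfile "$WORK/root-cert.cer" \
    -untrusted "$WORK/intermediate-cert.cer" "$WORK/node01-cert.cer" >/dev/null 2>&1
}
# Root and intermediate both placed in the trust store.
verify_with_ca_bundle() {
  cat "$WORK/root-cert.cer" "$WORK/intermediate-cert.cer" > "$WORK/ca-bundle.cer"
  openssl verify -CAfile "$WORK/ca-bundle.cer" "$WORK/node01-cert.cer" >/dev/null 2>&1
}

make_chain || echo "openssl could not build the demo chain"
verify_root_only && echo "root only: OK" || echo "root only: FAILED"
verify_with_intermediate && echo "root + untrusted intermediate: OK" || echo "root + untrusted intermediate: FAILED"
verify_with_ca_bundle && echo "root + intermediate in CA bundle: OK" || echo "root + intermediate in CA bundle: FAILED"
```

Against real files, the same `openssl verify` commands can be pointed at the paths from elasticsearch.yml, and `openssl x509 -noout -issuer -in node01-cert.cer` shows which CA actually issued the node certificate.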