I have a Linux PC in my network running Elasticsearch 7.17 locally and not secured. There is already a lot of data indexed and now I want to perform searches from other PCs in the network, so I decided I want to enable authentication and SSL.
I followed this guide: guide on how to setup ssl/tls
My elasticsearch.yml is:
network.host: 0.0.0.0
node.name: elasticsearch-singlenode
discovery.type: single-node
# Enable X-Pack security
xpack.security.enabled: true
# Enable SSL/TLS for the transport layer
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.key: certs/elasticsearch-singlenode/elasticsearch-singlenode.key
xpack.security.transport.ssl.certificate: certs/elasticsearch-singlenode/elasticsearch-singlenode.crt
xpack.security.transport.ssl.certificate_authorities: certs/ca/ca.crt
xpack.security.transport.ssl.verification_mode: certificate
# Enable SSL/TLS for HTTP
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: certs/elasticsearch-singlenode/elasticsearch-singlenode.key
xpack.security.http.ssl.certificate: certs/elasticsearch-singlenode/elasticsearch-singlenode.crt
xpack.security.http.ssl.certificate_authorities: certs/ca/ca.crt
After adding the certificates and changing the elasticsearch.yml file, I restarted the elasticsearch service:
sudo systemctl restart elasticsearch.service
It seems to be running, but when I then want to configure passwords by issuing the following command from the PC itself:
bin/elasticsearch-setup-passwords interactive
Then I get:
10:05:19.317 [main] WARN org.elasticsearch.common.ssl.DiagnosticTrustManager - failed to establish trust with server at [192.168.2.121]; the server provided a certificate with subject name [CN=elasticsearch-singlenode] and fingerprint [ddc5e52b5bfbee6d1deb8a3ebbe06dc7e729ebad]; the certificate has subject alternative names [DNS:elastic.local]; the certificate is issued by [CN=Elastic Certificate Tool Autogenerated CA] but the server did not provide a copy of the issuing certificate in the certificate chain; the issuing certificate with fingerprint [9af8f8841e0bb577e0d1b66acbaa5b181d75442c] is trusted in this ssl context ([xpack.security.http.ssl])
java.security.cert.CertificateException: No subject alternative names matching IP address 192.168.2.121 found
...
How could I make this work?
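The name check behind the `No subject alternative names matching IP address` error, as an added example that is not part of the original post: a simplified Python model of standard TLS name verification (not Elasticsearch's or Java's own code), run against the certificate fields reported in the log. The function names and the sample dict, which uses the shape returned by `ssl.SSLSocket.getpeercert()`, are constructed for illustration.

```python
import ipaddress

# Constructed sample: the certificate fields reported in the log above, in the
# dict shape that ssl.SSLSocket.getpeercert() returns.
CERT_FROM_LOG = {
    "subject": ((("commonName", "elasticsearch-singlenode"),),),
    "subjectAltName": (("DNS", "elastic.local"),),
}

def dns_match(pattern, host):
    """Match a dNSName SAN; '*' may only stand for the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] != "*" and p[0] != h[0]:
        return False
    return p[1:] == h[1:]

def san_check(cert, target):
    """Return (ok, reason) for a client that connects to `target`."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP target is compared only against iPAddress SAN entries;
        # DNS entries and the subject CN are not consulted.
        ips = [v for k, v in sans if k == "IP Address"]
        if any(ipaddress.ip_address(v) == ip for v in ips):
            return True, "IP SAN matches"
        return False, f"no IP SAN matching {target}; IP SANs present: {ips}"
    # A name target is compared only against dNSName SAN entries; in this
    # model the CN is ignored, as verifiers do when SAN entries are present.
    names = [v for k, v in sans if k == "DNS"]
    if any(dns_match(n, target) for n in names):
        return True, "DNS SAN matches"
    return False, f"no DNS SAN matching {target}; DNS SANs present: {names}"

def explain(cert, targets):
    """Check several candidate addresses against one certificate."""
    return {t: san_check(cert, t) for t in targets}

if __name__ == "__main__":
    targets = ["192.168.2.121", "elastic.local", "elasticsearch-singlenode"]
    for target, (ok, reason) in explain(CERT_FROM_LOG, targets).items():
        print(f"{target:26} {'OK  ' if ok else 'FAIL'} {reason}")
```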