I've built a two node cluster and connected each node with no issues. I've installed the x-pack plugin and I'm trying to add SSL/TLS. Rather than generating a separate self-signed certificate for each node, I've got a wildcard certificate that was signed by a well-known commercial CA.
Both nodes are running on separate Amazon EC2 instances. The nodes are using the discovery-ec2 plugin. This works fine with SSL. When I deploy the certificate and configure ES, the nodes discover each other and try to communicate. However, now with SSL/TLS in the mix, each throws an error into the log with eventually traces down to this exception:
java.security.cert.CertificateException: No subject alternative names matching IP address 10.19.4.226 found
(Each has the IP address of the other node in the message).
Contents of elasticsearch.yml: