Reindex with https

Hi,

I'm tryning to migrate data from my OLD_ELASTIC server (version 6.2) to the NEW_ELASTIC (version 7.8.1) using REINDEX approcach but with https connection.

My NEW_ELASTIC elasticsearch.yml contains:

...
reindex.remote.whitelist: OLD_ELASTIC:9200
reindex.ssl.certificate: OLD_ELASTIC_cacert.pem
reindex.ssl.key: OLD_ELASTIC_key.key
reindex.ssl.verification_mode: certificate
...

My OLD_ELASTIC elasticsearch.yml contains:

...
xpack.security:
...
    http:
        ssl.enabled: true
        ssl.verification_mode: certificate
...

My OLD_ELASTIC_cacert.pem is valid because I can query my OLD_ELASTIC cluster with curl:

NEW_ELASTIC>  curl -XGET  --cacert  OLD_ELASTIC_cacert.pem  -u OLD_ELASTIC_USER  "https://OLD_ELASTIC:9200/_cat/indices?v"
Enter host password for user 'OLD_ELASTIC_USER':
health status index                         uuid                   pri rep docs.count docs.deleted store.size pri.store.size
...
... datdatdatdatadata ...
...

But when I trying to execute data reindex from OLD_ELASTIC to NEW_ELASTIC using https(not http!)

curl -XPOST -H "Content-Type: application/json;charset=UTF-8" --cacert cacert.pem -u admin 'https://NEW_ELASTIC:9200/_reindex?wait_for_completion=false' -d '
{
  "source": {
    "remote": {
      "host": "https://OLD_ELASTIC:9200",
      "username": "OLD_ELASTIC_USER",
      "password": "PASS"
    },
    "index": "OLD_INDEX",
    "query": {
      "match_all": {}
    }
  },
  "dest": {
    "index": "NEW_CREATED_INDEX"
  }
}'

Reindex task ends with error:

...
 "error" : {
    "type" : "s_s_l_handshake_exception",
    "reason" : "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target",
    "caused_by" : {
      "type" : "validator_exception",
      "reason" : "PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target",
      "caused_by" : {
        "type" : "sun_cert_path_builder_exception",
        "reason" : "unable to find valid certification path to requested target"
      }
    }
  }
...

Maybe there is a way to add my certificate to OLD_ELASTIC server so it will accept https connection from NEW_ELASTIC ?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.