Remote reindex fail for HTTPS

I face this issue here with X-Pack (5.6.4):

I cannot remote reindex to a cluster protected with x-pack (https enabled) cause my ssl certificates are not trusted and i cannot also not leverage PKI authentication.

Hi Nanda,

If I understand your issue, if you generated self-signed certificates for Elasticsearch you might be able to add those certificates to your "remote" system so that they are trusted.

Otherwise, I think you could just watch that issue you listed and/or ask additional questions there (like is there a work-around).

I'm going to just paste a chunk of bash script code I use during some testing. It covers several OSs.

case $OS in
  cp $QADIR/../certs/ca/ca.crt /usr/local/share/ca-certificates/
  cp $QADIR/../certs/elasticsearch/elasticsearch.crt /usr/local/share/ca-certificates/
  cp $QADIR/../certs/kibana/kibana.crt /usr/local/share/ca-certificates/

  echo "net.ipv6.conf.all.disable_ipv6 = 1" >> /etc/sysctl.conf
  echo "net.ipv6.conf.default.disable_ipv6 = 1" >> /etc/sysctl.conf
  echo "net.ipv6.conf.lo.disable_ipv6 = 1" >> /etc/sysctl.conf
  sysctl -p
  cat /proc/sys/net/ipv6/conf/all/disable_ipv6
  sudo update-ca-trust force-enable
  cp $QADIR/../certs/ca/ca.crt /etc/pki/ca-trust/source/anchors/
  cp $QADIR/../certs/elasticsearch/elasticsearch.crt /etc/pki/ca-trust/source/anchors/
  cp $QADIR/../certs/kibana/kibana.crt /etc/pki/ca-trust/source/anchors/
  sudo update-ca-trust extract
  certutil -addstore root $QADIR/../certs/ca/ca.crt


This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.