I face this issue here with X-Pack (5.6.4): https://github.com/elastic/elasticsearch/issues/27267
I cannot remote reindex to a cluster protected with x-pack (https enabled) cause my ssl certificates are not trusted and i cannot also not leverage PKI authentication.
Hi Nanda,
If I understand your issue, if you generated self-signed certificates for Elasticsearch you might be able to add those certificates to your "remote" system so that they are trusted.
Otherwise, I think you could just watch that issue you listed and/or ask additional questions there (like is there a work-around).
I'm going to just paste a chunk of bash script code I use during some testing. It covers several OSs.
case $OS in
ubuntu)
cp $QADIR/../certs/ca/ca.crt /usr/local/share/ca-certificates/
cp $QADIR/../certs/elasticsearch/elasticsearch.crt /usr/local/share/ca-certificates/
cp $QADIR/../certs/kibana/kibana.crt /usr/local/share/ca-certificates/
update-ca-certificates
echo "net.ipv6.conf.all.disable_ipv6 = 1" >> /etc/sysctl.conf
echo "net.ipv6.conf.default.disable_ipv6 = 1" >> /etc/sysctl.conf
echo "net.ipv6.conf.lo.disable_ipv6 = 1" >> /etc/sysctl.conf
sysctl -p
cat /proc/sys/net/ipv6/conf/all/disable_ipv6
;;
centos)
sudo update-ca-trust force-enable
cp $QADIR/../certs/ca/ca.crt /etc/pki/ca-trust/source/anchors/
cp $QADIR/../certs/elasticsearch/elasticsearch.crt /etc/pki/ca-trust/source/anchors/
cp $QADIR/../certs/kibana/kibana.crt /etc/pki/ca-trust/source/anchors/
sudo update-ca-trust extract
;;
windows)
certutil -addstore root $QADIR/../certs/ca/ca.crt
Regards,
Lee
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.