It seems that TLS is correctly set up, but not the authentication.
When I go to the https://elasticsearch:9200 url, an authentication popup appears.
But when I enter the login and password, the popup appears again and again.
So I changed my certs a little bit. Instead of using a wildcard cert generated with openssl, I generated one cert for each server with the command below:
I sent the certs and the key to each node.
Now I have a SEC_ERROR_BAD_SIGNATURE in my web browser and this error in logs:
Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
I already added the CA to /usr/lib/jvm/java-11-openjdk-amd64/lib/security/cacerts with the keytool command.
I tried different options but I didn't find the right one to set up my ELK cluster correctly.
I still have the issue below:
Caused by: org.elasticsearch.ElasticsearchException: failed to initialize a KeyManagerFactory
Caused by: java.security.KeyStoreException: Key protection algorithm not found: java.security.KeyStoreException: Certificate chain is not valid
Caused by: java.security.KeyStoreException: Certificate chain is not valid
Is it possible to generate a cert with elasticsearch-certutil and an intermediate cert? Or do I need to use a root CA?
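
An added example, not part of the original post and not Elastic's own tooling: a self-contained `openssl` check that reproduces a "does not chain" condition with a constructed root CA, intermediate CA and node certificate, and shows that validation succeeds only when the intermediate is supplied along with the node certificate. All subjects, hostnames and file names are constructed for the demo.

```bash
#!/usr/bin/env bash
# Added example: every name, subject and file below is constructed for the demo.
set -eu

issue() {  # $1 dir, $2 name, $3 subject, $4 issuer name, $5 extension section
  openssl req -config "$1/demo.cnf" -new -newkey rsa:2048 -nodes -subj "$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
  openssl x509 -req -in "$1/$2.csr" -CA "$1/$4.crt" -CAkey "$1/$4.key" \
    -CAcreateserial -days 30 -extfile "$1/demo.cnf" -extensions "$5" \
    -out "$1/$2.crt" 2>/dev/null
}

build_chain() {  # $1 = empty working directory
  cat > "$1/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[node_ext]
basicConstraints = CA:FALSE
subjectAltName = DNS:es-node1.example.test
EOF
  # Self-signed root CA: the only certificate placed in the trust store.
  openssl req -config "$1/demo.cnf" -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=Demo Root CA" -extensions ca_ext \
    -keyout "$1/root.key" -out "$1/root.crt" 2>/dev/null
  # Intermediate CA signed by the root, then a node cert signed by the intermediate.
  issue "$1" int  "/CN=Demo Intermediate CA"  root ca_ext
  issue "$1" node "/CN=es-node1.example.test" int  node_ext
}

chain_ok() {  # $1 trust anchor, $2 leaf, $3 optional file of intermediates
  openssl verify -CAfile "$1" ${3:+-untrusted "$3"} "$2" 2>/dev/null | grep -q ': OK$'
}

demo_dir="$(mktemp -d)"
build_chain "$demo_dir"
for inter in "" "$demo_dir/int.crt"; do
  if chain_ok "$demo_dir/root.crt" "$demo_dir/node.crt" "$inter"; then
    echo "intermediate='${inter##*/}': chain valid"
  else
    echo "intermediate='${inter##*/}': path does not chain to the trust anchor"
  fi
done
```

The same `openssl verify` call can be pointed at real node, intermediate and CA files to see whether the chain is complete before building a keystore from them.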