When attempting to enable SSL on the transport, we are getting the following error in the log file (pointing to an untrusted certificate authority) and the nodes will not communicate with one another.
[2016-03-22 10:48:17,145][WARN ][shield.transport.netty ] [node01] exception caught on transport layer [[id: 0x098be7f4, /192.168.2.103:52609 => /192.168.2.100:9300]], closing connection
javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
I have added the 3 certificates that make up our trust chain into the keystore for Shield, and I also created a truststore.jks and put the 3 certificates in that as well. Any ideas what we are missing?
Location of keystore:
Location of truststore:
Shield Contents of elasticsearch.yml file:
We have tried this with and without the resolve.name and still it doesn't work. We also validated our certificate has the IP address as a SAN in the certificate.