[Solved] Elasticsearch integration metric settings (elastic-agent)

Hello Stephen,

Thank you for taking the time to answer me as always

My apologies, I'm quite new to the community and didn't know the rules :sweat_smile::sweat_smile:

I went into one of the nodes and ran the command:

curl -v --cacert /etc/elasticsearch/certs/elasticsearch-ca.pem -u elastic https://localhost:9200

and here is its output:

root@elasticsearch1:/home/elasticsearch1# curl -v --cacert /etc/elasticsearch/certs/elasticsearch-ca.pem -u elastic https://localhost:9200
Enter host password for user 'elastic':
*   Trying 127.0.0.1:9200...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 9200 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/elasticsearch/certs/elasticsearch-ca.pem
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: CN=node-1
*  start date: Jul 31 17:19:11 2024 GMT
*  expire date: Jul 31 17:19:11 2029 GMT
*  subjectAltName does not match localhost
* SSL: no alternative certificate subject name matches target host name 'localhost'
* Closing connection 0
* TLSv1.3 (OUT), TLS alert, close notify (256):
curl: (60) SSL: no alternative certificate subject name matches target host name 'localhost'
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

I think it's because the SSL certificate used by Elasticsearch does not have localhost listed as a valid subjectAltName (SAN).

When I bypass the certificate validation using this command

curl -v -k -u elastic https://localhost:9200

it works. The same goes for the integration when I added verification_mode: none to the SSL configuration of the integration.

But this is not recommended for production environments, so are there other solutions, like regenerating the certificate with localhost in the SAN for each node certificate as explained here: Set up basic security for the Elastic Stack plus secured HTTPS traffic | Elasticsearch Guide [8.15] | Elastic,
or any other solution that ensures security?

thank you!
