SSL Connection fail on Elastic 7.8.0 in Docker Container

Hey folks,

Following these instructions, I've installed a single node Elastic 7.8.0 on docker.

Then I create default certs and keys with
bin/elasticsearch-certutil ca
bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12

I move the .p12 to congifs/certs
To stop a previous error, I update the .p12 to have permissions 1000:1000

Then I edit config/elasticsearch.yml and add "docker-cluster" # also tried the docker ip true "/usr/share/elasticsearch/config/certs/elastic-certificates.p12" "/usr/share/elasticsearch/config/certs/elastic-certificates.p12" certificate true "/usr/share/elasticsearch/config/certs/elastic-certificates.p12" "/usr/share/elasticsearch/config/certs/elastic-certificates.p12"

Then restart the container

When I go to set user passwords with
bin/elasticsearch-setup-passwords interactive

I get this error

WARN  org.elasticsearch.common.ssl.DiagnosticTrustManager - failed to establish trust with server at []; the server provided a certificate with subject name [CN=instance] and fingerprint [d5a8c37fd3bbf48327e4753452c2b4ebe12660f2]; the certificate does not have any subject alternative names; the certificate is issued by [CN=Elastic Certificate Tool Autogenerated CA]; the certificate is signed by (subject [CN=Elastic Certificate Tool Autogenerated CA] fingerprint [75af257949c76373a50ff4fa2f90c97aaf7f10f1] {trusted issuer}) which is self-issued; the [CN=Elastic Certificate Tool Autogenerated CA] certificate is trusted in this ssl context ([])

                    at org.elasticsearch.cli.EnvironmentAwareCommand.execute( [elasticsearch-7.8.0.jar:7.8.0]
                    at org.elasticsearch.cli.Command.mainWithoutErrorHandling( [elasticsearch-cli-7.8.0.jar:7.8.0]
                    at org.elasticsearch.cli.MultiCommand.execute( [elasticsearch-cli-7.8.0.jar:7.8.0]
                    at org.elasticsearch.cli.Command.mainWithoutErrorHandling( [elasticsearch-cli-7.8.0.jar:7.8.0]
                    at org.elasticsearch.cli.Command.main( [elasticsearch-cli-7.8.0.jar:7.8.0]
                    at [x-pack-security-7.8.0.jar:7.8.0] 

    SSL connection to failed: No subject alternative names present
    Please check the elasticsearch SSL settings under

    ERROR: Failed to establish SSL connection to elasticsearch at

I've troubleshooted this for couple days and checked this forum plenty.

  • is the ip of the docker container with elastic.
    I tried updating the config yml so the host ip = but no effect.

  • If I first set only TLS (not HTTPS), then I am able to set user passwords, but when I activate http.ssl I get error message on elastic search boot up:
    {"type": "server", "timestamp": "2020-06-24T22:47:48,739Z", "level": "WARN", "component": "o.e.b.BootstrapChecks", "": "docker-cluster", "": "d3b0717b5f42", "message": "Transport SSL must be enabled if security is enabled on a [basic] license. Please set [ SSL .enabled] to [true] or disable security by setting [] to [false]" }
    And when I check config for true it's still there

Why not the next page in that series, i.e. Encrypting communications in an Elasticsearch Docker Container | Elasticsearch Guide [7.8] | Elastic which is specifically about docker ?

The actual error is printed in the output:

SSL connection to failed: No subject alternative names present

You'd need to recreate your certificates and add the IP ( ) as a SAN , see the --ip flag in elasticsearch-certutil | Elasticsearch Guide [8.11] | Elastic

1 Like

Thanks, that worked.
I didnt use those docker instructions, cause I'm not using Docker Compose.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.