Hello
I have an Elasticsearch server that uses SSL certificates issued by a certification unit.
This is my configuration:
#----------------------- BEGIN SECURITY AUTO CONFIGURATION -----------------------
#
# The following settings, TLS certificates, and keys have been automatically
# generated to configure Elasticsearch security features on 2023-07-31 19:08:06
#
#--------------------------------------------------------------------------------
# Enable security features
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
  enabled: true
  key: certs/myhost.com_2023-2024.key
  certificate: certs/myhost.com_2023-2024.pem
# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
  enabled: true
  key: certs/myhost.com_2023-2024.key
  certificate: certs/myhost.com_2023-2024.pem
# Create a new cluster with the current node only
# Additional nodes can still join the cluster later
cluster.initial_master_nodes: ["elk1"]
# Allow HTTP API connections from anywhere
# Connections are encrypted and require user authentication
http.host: 0.0.0.0
# Allow other nodes to join the cluster from anywhere
# Connections are encrypted and mutually authenticated
#transport.host: 0.0.0.0
However, when testing the connection, the following error is returned:
[root@host-01 hostname]# curl -v -u user https://elk1.myhost.com:9200
Enter host password for user 'user':
* Rebuilt URL to: https://elk1.myhost.com:9200/
* Trying 164.NNN.NN.NNN...
* TCP_NODELAY set
* Connected to elk1.myhost.com (164.NNN.NN.NNN) port 9200 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to elk1.myhost.com:9200
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to elk1.myhost.com:9200
Thanks for the support.