Hi All,
My ES cluster has 3 master and 2 data nodes.
In my Elastic and Kibana conf,
when I am using the SSL conf only, it's working.
I can connect from Kibana to the ES data node with the URL http://ip:9200
In the same conf, if I enable TLS, it's not working; the error logs are showing.
My p12 certificates are protected with passwords. They were given by my company.
The CA is in PEM format.
ES Conf:
xpack.security.transport.ssl.certificate_authorities: ["/etc/elasticsearch/certs/xyz_Internal_Issuing_CA_2_G2.pem","/etc/elasticsearch/certs/xyz_Internal_Root_CA_G2.pem"]
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/certs/nodename.p12
xpack.security.transport.ssl.keystore.password: sffsdfsdg
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: /etc/elasticsearch/certs/nodename.p12
xpack.security.http.ssl.keystore.password: sffsdfsdg
Kibana Conf:
server.ssl.enabled: true
elasticsearch.ssl.verificationMode: certificate
server.ssl.certificate: /etc/kibana/certs/79f2ef47dc8494d53bc13f5a285b5f60.crt
server.ssl.key: /etc/kibana/certs/79f2ef47dc8494d53bc13f5a285b5f60.key
elasticsearch.ssl.certificateAuthorities: ["/etc/kibana/certs/xyz_Internal_Issuing_CA_2_G2.pem","/etc/kibana/certs/xyz_Internal_Root_CA_G2.pem"]
ES Log:
[2018-11-23T03:06:52,891][WARN ][o.e.x.s.t.n.SecurityNetty4ServerTransport] [gbriceedts01.corp.internal] client did not trust this server's certificate, closing connection NettyTcpChannel{localAddress=0.0.0.0/0.0.0.0:9300, remoteAddress=/10.142.1.110:35870}
[2018-11-23T03:06:53,300][WARN ][o.e.x.s.t.n.SecurityNetty4ServerTransport] [gbriceedts01.corp.internal] client did not trust this server's certificate, closing connection NettyTcpChannel{localAddress=0.0.0.0/0.0.0.0:9300, remoteAddress=/10.142.1.109:47844}
[2018-11-23T03:06:53,306][WARN ][o.e.x.s.t.n.SecurityNetty4ServerTransport] [gbriceedts01.corp.internal] client did not trust this server's certificate, closing connection NettyTcpChannel{localAddress=0.0.0.0/0.0.0.0:9300, remoteAddress=/10.142.1.111:40458}
[2018-11-23T03:06:53,517][WARN ][o.e.x.s.t.n.SecurityNetty4ServerTransport] [gbriceedts01.corp.internal] exception caught on transport layer [NettyTcpChannel{localAddress=0.0.0.0/0.0.0.0:41906, remoteAddress=/10.142.1.111:9300}], closing connection
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:459) ~[netty-codec-4.1.16.Final.jar:4.1.16.Final]
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:265) ~[netty-codec-4.1.16.Final.jar:4.1.16.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) [netty-transport-4.1.16.Final.jar:4.1.16.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) [netty-transport-4.1.16.Final.jar:4.1.16.Final]
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340) [netty-transport-4.1.16.Final.jar:4.1.16.Final]
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1359) [netty-transport-4.1.16.Final.jar:4.1.16.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) [netty-transport-4.1.16.Final.jar:4.1.16.Final]
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) [netty-transport-4.1.16.Final.jar:4.1.16.Final]
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:935) [netty-transport-4.1.16.Final.jar:4.1.16.Final]
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:134) [netty-transport-4.1.16.Final.jar:4.1.16.Final]
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:645) [netty-transport-4.1.16.Final.jar:4.1.16.Final]
at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:545) [netty-transport-4.1.16.Final.jar:4.1.16.Final]
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:499) [netty-transport-4.1.16.Final.jar:4.1.16.Final]
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:459) [netty-transport-4.1.16.Final.jar:4.1.16.Final]
at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:858) [netty-common-4.1.16.Final.jar:4.1.16.Final]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_181]
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1529) ~[?:?]
at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535)