Hello, I'm trying to authenticate users via AD with no success. Running ES 7.9.2 with TLS encryption in the cluster.
Below you can see the excerpt of the yml file where I'm setting up xpack security, and the error I am receiving when trying to login with an AD account in Kibana.
I should note, the key and certs in the xpack.security.transport.ssl are self-signed by elastic. The rootca.pem file comes from my internal CA. Thanks for the help in advance.
```yaml
# x pack settings
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.key: /etc/elasticsearch/elastic-ca/host1.key
xpack.security.transport.ssl.certificate: /etc/elasticsearch/elastic-ca/host1.crt
xpack.security.transport.ssl.certificate_authorities: ["/etc/elasticsearch/elastic-ca/ca.crt"]

xpack:
  security:
    authc:
      realms:
        active_directory:
          my_ad:
            order: 0
            domain_name: my.domain
            url: ldaps://ad_server.domain.com:3269, ldaps://ad_server.domain.com:3269
            ssl:
              certificate_authorities: ["/etc/elasticsearch/elastic-ca/rootca.pem" ]
```
```
[2020-11-09T15:50:29,875][WARN ][o.e.c.s.DiagnosticTrustManager] [host1.domain.com] failed to establish trust with server at [ad_server.domain.com]; the server provided a certificate with subject name  and fingerprint [17d8390fdb9b1e22fb4a4427c4f0e865a0f232f2]; the certificate has subject alternative names [DNS:ad_server.domain.com]; the certificate is issued by [CN=Domain Enterprise Root,DC=empty,DC=local] but the server did not provide a copy of the issuing certificate in the certificate chain; this ssl context ([xpack.security.authc.realms.active_directory.my_ad.ssl]) is not configured to trust that issuer
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
```
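The warning above already names the issuer that is not trusted and the SSL context that rejected it. As an added example that is not part of the original post, this Python sketch pulls those fields out of such a line and derives the setting whose CA bundle should be checked. The regex is an assumption built from the one line shown here, and `triage` is a hypothetical helper name.

```python
import re

# Warning from the post above (one line in the log; "fingerprint" spacing
# repaired, subject name left empty as in the post).
SAMPLE = (
    "[2020-11-09T15:50:29,875][WARN ][o.e.c.s.DiagnosticTrustManager] [host1.domain.com] "
    "failed to establish trust with server at [ad_server.domain.com]; "
    "the server provided a certificate with subject name  and fingerprint "
    "[17d8390fdb9b1e22fb4a4427c4f0e865a0f232f2]; "
    "the certificate has subject alternative names [DNS:ad_server.domain.com]; "
    "the certificate is issued by [CN=Domain Enterprise Root,DC=empty,DC=local] "
    "but the server did not provide a copy of the issuing certificate in the certificate chain; "
    "this ssl context ([xpack.security.authc.realms.active_directory.my_ad.ssl]) "
    "is not configured to trust that issuer"
)

# Assumption: pattern derived from the single line above, not from Elasticsearch source.
PATTERN = re.compile(
    r"\[o\.e\.c\.s\.DiagnosticTrustManager\s*\]\s*\[(?P<node>[^\]]+)\]\s*"
    r"failed to establish trust with server at \[(?P<server>[^\]]+)\];.*?"
    r"subject name\s*(?:\[(?P<subject>[^\]]*)\])?\s*and fingerprint \[(?P<fingerprint>[0-9a-fA-F]+)\];"
    r"(?:.*?subject alternative names \[(?P<sans>[^\]]*)\];)?"
    r".*?issued by \[(?P<issuer>[^\]]+)\]"
    r".*?this ssl context \(\[(?P<context>[^\]]+)\]\)"
)

def triage(line):
    """Return the trust-failure fields of one log line, or None if it is not one."""
    m = PATTERN.search(line)
    if m is None:
        return None
    f = m.groupdict()
    f["sans"] = [s.strip() for s in (f["sans"] or "").split(",") if s.strip()]
    # True when the log says the server left the issuer out of its chain; the
    # client can then only build the path if the issuer is in its own CA list.
    f["issuer_missing_from_chain"] = "did not provide a copy of the issuing certificate" in line
    f["not_trusted"] = "is not configured to trust that issuer" in line
    # Setting whose PEM bundle is expected to contain the issuer certificate.
    f["setting_to_check"] = f["context"] + ".certificate_authorities"
    return f

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

For the line in the post this reports issuer `CN=Domain Enterprise Root,DC=empty,DC=local` against `xpack.security.authc.realms.active_directory.my_ad.ssl.certificate_authorities`, so the subject of each certificate in the configured `rootca.pem` is what to compare with that issuer.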