Unable to form cluster after enabling TLS in Elasticsearch

Hi,

I am unable to form a cluster after enabling TLS.
Error from master node:

[2020-05-21T07:19:55,969][WARN ][o.e.x.c.s.t.n.SecurityNetty4Transport] 
[node1] client did not trust this server's certificate, closing 
connection Netty4TcpChannel{localAddress=/<node1-ip>:9300, 
remoteAddress=/<node2-ip>:62376}

Error from other node:

[2020-05-21T07:22:24,660][WARN ][o.e.c.s.DiagnosticTrustManager] 
[node1] failed to establish trust with server at [<unknown host>]; 
the server provided a certificate with subject name [CN=node2,...] 
and fingerprint [...]; the certificate has subject alternative names 
[DNS:node2]; the certificate is issued by [CN=...]; the certificate is 
signed by (subject [CN=...] fingerprint [...]) signed by (subject [CN=...] 
fingerprint [..]) which is self-issued; the [CN=...] certificate is not trusted 
in this ssl context ([xpack.security.transport.ssl])
sun.security.validator.ValidatorException: PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to 
find valid certification path to requested target

Hi there,

As we said in "Unable to enable https and internode communication in 2 node cluster", you need to share the whole configuration and details about how you generated the certificates and keys you are using. As the message says, your TLS transport configuration is wrong, as the nodes do not trust the certificates that other nodes present for TLS, but unless you show us your config we can't suggest how to fix it.

Also, the diagnostic error messages are helpful only if we can see the message, so please don't mask hostnames if you don't have to.
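
Added example (not part of either post and not Elastic's code): a small parser that pulls the peer subject, SANs, signing chain and SSL context out of a DiagnosticTrustManager warning like the one quoted in the question, so the untrusted CA can be compared with the node's trust settings. The sample message is constructed with made-up names and fingerprints, and the helper names are hypothetical.

```python
import re

# Constructed sample shaped like the DiagnosticTrustManager warning in the
# question; every name and fingerprint below is made up for illustration.
SAMPLE = (
    "[2020-05-21T07:22:24,660][WARN ][o.e.c.s.DiagnosticTrustManager] "
    "[node1] failed to establish trust with server at [<unknown host>]; "
    "the server provided a certificate with subject name [CN=node2] "
    "and fingerprint [0a1b2c]; the certificate has subject alternative names "
    "[DNS:node2]; the certificate is issued by [CN=Example Issuing CA]; "
    "the certificate is signed by (subject [CN=Example Issuing CA] "
    "fingerprint [3d4e5f]) signed by (subject [CN=Example Root CA] "
    "fingerprint [6a7b8c]) which is self-issued; the [CN=Example Root CA] "
    "certificate is not trusted in this ssl context "
    "([xpack.security.transport.ssl])"
)

def first(pattern, text):
    """Return group 1 of the first match, or None."""
    m = re.search(pattern, text)
    return m.group(1) if m else None

def parse_trust_failure(message):
    """Extract the fields of one trust-failure warning, or None if it is not one."""
    text = " ".join(message.split())  # undo line wrapping from copy/paste
    if "failed to establish trust" not in text:
        return None
    sans = first(r"subject alternative names \[([^\]]*)\]", text) or ""
    return {
        "reporting_node": first(r"DiagnosticTrustManager\] \[([^\]]+)\]", text),
        "peer_subject": first(r"subject name \[([^\]]*)\]", text),
        "peer_sans": [s.strip() for s in sans.split(",") if s.strip()],
        "issuer": first(r"is issued by \[([^\]]*)\]", text),
        # (subject, fingerprint) pairs, leaf issuer first, root last
        "chain": re.findall(r"\(subject \[([^\]]*)\] fingerprint \[([^\]]*)\]\)", text),
        "root_self_issued": "which is self-issued" in text,
        "untrusted": first(r"the \[([^\]]*)\] certificate is not trusted", text),
        "ssl_context": first(r"ssl context \(\[([^\]]*)\]\)", text),
    }

def explain(info):
    """State which CA the reporting node lacks and which settings to inspect."""
    ctx = info["ssl_context"]
    return (f"{info['reporting_node']} rejected {info['peer_subject']}: "
            f"CA {info['untrusted']} is not in the trust material for {ctx}; "
            f"compare {ctx}.certificate_authorities / {ctx}.truststore.path "
            f"with the CA that signed the peer's certificate")

if __name__ == "__main__":
    print(explain(parse_trust_failure(SAMPLE)))
```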
