Hello,
APM error message - UNABLE_TO_VERIFY_LEAF_SIGNATURE (Certificate Authority)
It is important to state that I am not using x-pack security on my elastic cluster.
I am running elastic apm 6.5.4 and using elastic-apm-node (2.1.0). I am able to get the server to start, but there appear to be some issues with SSL. I have added the required code for configuring apm agents in my node project.
When I access a route on the server, I receive this error message.
APM Server transport error (UNABLE_TO_VERIFY_LEAF_SIGNATURE): unable to verify the first certificate
I used elasticsearch-certutil to generate a ca certificate and apm certificate and key. I have then, in my docker file placed the ca.crt, apm.crt, and apm.key in the apm-server folder. If I run the following command:
curl -v https://[hostname]:8200/v1/transactions
I receive the below response
CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
Server certificate:
subject: CN=apm
start date: Jan 21 12:20:43 2019 GMT
expire date: Jan 20 12:20:43 2022 GMT
common name: apm
issuer: CN=Elastic Certificate Tool Autogenerated CA
NSS error -8179 (SEC_ERROR_UNKNOWN_ISSUER)
Peer's Certificate issuer is not recognized.
- Closing connection 0
If I curl this passing the ca certificate then I get a positive response.
Any insights into what I've done wrong? I am also pasting my apm-docker.yaml file below:
apm-server.host: "0.0.0.0:8200"
apm-server.ssl.enabled: true
apm-server.ssl.certificate: "/usr/share/apm-server/apm.crt"
apm-server.ssl.key: "/usr/share/apm-server/apm.key"
output.elasticsearch:
hosts: ['http://**redacted**:4200']
protocol: "http"
username: elastic
password: "**redacted**"
ssl.certificate_authorities: ["/etc/pki/root/ca.pem"]