Following is my Elasticsearch main instance (172.x.x.2) config:
search:
  remote:
    cluster_1:
      seeds: 172.x.x.1:9300
xpack.ssl.keystore.path: certs/ELK1.p12
xpack.ssl.truststore.path: certs/ELK1.p12
xpack.security.http.ssl.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
Following is my Elasticsearch seed (172.x.x.1) instance config:
xpack.security.enabled: true
xpack.ssl.keystore.path: certs/ELK2.p12
xpack.ssl.truststore.path: certs/ELK2.p12
xpack.security.http.ssl.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
I am getting errors on the 172.x.x.2 server, like:
[WARN ][o.e.x.s.t.n.SecurityNetty4HttpServerTransport] [es-node-1] caught exception while handling client http traffic, closing connection [id: 0x94ca01fd, L:0.0.0.0/0.0.0.0:9200 ! R:/172.x.x.1:60944]
I am completely clueless here because, when I have enabled SSL/TLS for both, why am I getting HTTP traffic? It should be HTTPS. SSL/TLS on 9200 works, as my Kibana is able to talk to Elasticsearch. Is it something to do with 9300 not being configured to handle SSL/TLS?
If I do the following:
openssl s_client -connect 172.x.x.1:9200
openssl s_client -connect 172.x.x.1:9300
...I get errors on port 9300, like:
140186801710992:error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:s3_pkt.c:1493:SSL alert number 42
140186801710992:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177:
...and for 9300 it shows acceptable client certificates, but not for 9200, like:
Acceptable client certificate CA names
/CN=ELK2
/CN=Elastic Certificate Tool Autogenerated CA
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Please point me to any documentation on how to enable SSL/TLS for port 9300, or to a workaround for the above.