Is it possible to use a single certificate (which contains multiple SANs) in all the nodes in 6.3 Elasticsearch cluster? (I want to use xpack.ssl.verification_mode=full)
Cluster setup is complete and everything seems to be working except a warning which is shown on the elasticsearch server.
Here are the details of my cluster
5 nodes (4 masters, 1 data)
Gold subscription license applied
SSL and HTTPS configured (Godaddy)
Single certificate with multiple SAN used
Testing from browser displays ok (Browser shows certificate is valid)
Testing using openssl shows ok (No validation errors)
[openssl s_client -showcerts -host mynode1.xxx.com -port 9200]
Below warning is shown on the elasticsearch server. Interesting factor is that the IP (10.10.171.205) shown below is not from my cluster. What is the reason for this warning and how can I avoid this?
Exception at server:
caught exception while handling client http traffic, closing connection [id: 0x6c20770e, L:0.0.0.0/0.0.0.0:9200 ! R:/10.10.171.205:63966]
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLException: Received fatal alert: bad_certificate
Caused by: javax.net.ssl.SSLException: Received fatal alert: bad_certificate
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.