The documentation says:
the CA fingerprint logged by the server at initial startup.
However I can't find it. Is it in security -> CA certificates? If yes, than I can download that file, but how can I get the fingerprint out of it?
The documentation says it should be something like this:
HTTP CA certificate SHA-256 fingerprint:
a52dd93511e8c6045e21f16654b77c9ee0f34aea26d9f40320b531c474676228
Use the CA fingerprint
Copy the fingerprint value that’s output to your terminal when Elasticsearch starts, and configure your client to use this fingerprint to establish trust when it connects to Elasticsearch.
If the auto-configuration process already completed, you can still obtain the fingerprint of the security certificate by running the following command. The path is to the auto-generated CA certificate for the HTTP layer.
openssl x509 -fingerprint -sha256 -in config/certs/http_ca.crt
Thank you! But what if I'm not running it locally, and I have deployment on https://cloud.elastic.co/. Where can I input this command?
You can download the CA from Elastic Cloud,
Elastic Cloud -Deployment -> Security -> CA Cert and download the CA
Then run the command above against the cert you just downloaded
openssl x509 -fingerprint -sha256 -in 0A139270B1760010139270B1760010BF598F6.crt
It is a Public Signed Cert from an Official Cert Authority, curious how you want to use it?
Thank you again! I needed it so I could connect to Elastic Search with a client instance. The problem is that it says that the certificate is rejected
System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
System.Security.Authentication.AuthenticationException: The remote certificate was rejected by the provided RemoteCertificateValidationCallback.
Paste your code..... 
What URL and port did you put in?
Did you paste the fingerprint correctly?
Why are you not using the suggested Cloud Method... Though this should work too.
Also can you show more of the logs... more you show... more we can help
And since it is a Publicly Signed Cert and perhaps you just want to test, I don't think you even need the fingerprint check (maybe you do but this is not a self-signed cert which is what that example is)
note the .es in the Uri
var settings = new ElasticsearchClientSettings(new Uri("https://my-deployment.es.us-west1.gcp.cloud.es.io:9243"))
.Authentication(new BasicAuthentication("elastic", "<PASSWORD>"));
You could also probably just use the ClientCertificate setting
Thank you! I was using a trial for testing and didn't need the cert. After removing it, I managed to connect!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.