I have created a new set of certificates.
nprod-elastic-http-client.key
nprod-elastic-http-client.pem
cacert
I used the openssl command to generate a p12 and then a jks using the above certs, and pointed that jks to pki.
```yaml
xpack.security.http.ssl.client_authentication: optional
xpack:
  security:
    authc:
      realms:
        pki1:
          type: pki
          truststore:
            path: "/etc/elasticsearch/ssl/elastic-http-client.jks"
            password: "changeme"
```
```sh
openssl pkcs12 -export -in nprod-elastic-http-client.pem -inkey nprod-elastic-http-client.key -out elastic-http-client.p12 -name elastic -CAfile cacert -caname root
keytool -importkeystore -destkeystore elastic-http-client.jks -srckeystore elastic-http-client.p12 -srcstoretype pkcs12 -alias elastic
```
I am now using the above three certs while running the curl command, but I am still having the same issue.
```sh
curl -XGET 'https://nprod-elastic:443/_cluster/health?pretty=true' --key /etc/elasticsearch/ssl/nprod-elastic-http-client.key --cert /etc/elasticsearch/ssl/nprod-elastic-http-client.pem --cacert /etc/elasticsearch/ssl/cacert
```
```json
{
  "error" : {
    "root_cause" : [
      {
        "type" : "security_exception",
        "reason" : "missing authentication token for REST request [/_cluster/health?pretty=true]",
        "header" : {
          "WWW-Authenticate" : [
            "Bearer realm=\"security\"",
            "ApiKey",
            "Basic realm=\"security\" charset=\"UTF-8\""
          ]
        }
      }
    ],
    "type" : "security_exception",
    "reason" : "missing authentication token for REST request [/_cluster/health?pretty=true]",
    "header" : {
      "WWW-Authenticate" : [
        "Bearer realm=\"security\"",
        "ApiKey",
        "Basic realm=\"security\" charset=\"UTF-8\""
      ]
    }
  },
  "status" : 401
}
```