X509: cannot validate certificate for 192.168.0.85 because it doesn't contain any IP SANs

Min_Mah · May 31, 2019, 9:12am

Hello
I'm just start 7.1 ES & KB & Metricbeat
I have an error

my metricbeat.yml

#============================== Kibana =====================================
setup.kibana:


  host: "https://192.168.0.85:5601"
#-------------------------- Elasticsearch output ------------------------------
output.elasticsearch:
  hosts: ["https://192.168.0.85:9200"]

  # Optional protocol and basic auth credentials.
  protocol: "https"
  username: "elastic"
  password: "d8Z46pgoFEd1rQNdOfDX"

my elasticsearch.yml

# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
#network.host: 192.168.0.85
http.host: "192.168.0.85"
#
# Set a custom port for HTTP:
#
http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
discovery.seed_hosts: ["192.168.0.85"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
cluster.initial_master_nodes: ["node-1"]

xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.keystore.password: "password"
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.password: "password"

xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: elastic-certificates.p12
xpack.security.http.ssl.keystore.password: "password"
xpack.security.http.ssl.truststore.path: elastic-certificates.p12
xpack.security.http.ssl.truststore.password: "password"

my kibana.yml

server.port: 5601
server.host: "192.168.0.85"

elasticsearch.hosts: ["https://192.168.0.85:9200"]

elasticsearch.username: "kibana"
elasticsearch.password: "Y3B2c5U0izQF2Who2qyj"


server.ssl.enabled: true
server.ssl.certificate: /etc/kibana/instance/instance.crt
server.ssl.key: /etc/kibana/instance/instance.key

elasticsearch.ssl.certificateAuthorities: ["/etc/kibana/elastic-ca.pem"]

elasticsearch.ssl.verificationMode: none

how can i find problem??
to config IP SANs
is it need set something??
please help me
thanks

ruflin · June 4, 2019, 7:16am

I think the issue is with your certificate. When generating the certificate you must ensure it contains the IP address above. If you google for the above error without the IP address inside you will find a few ways on how to do it. To avoid the complexity of adding IP addresses, perhaps just use domain names and a DNS?

Min_Mah · June 5, 2019, 5:02am

Hi, Thanks for reply
i solve this problem using this site

system · July 3, 2019, 5:02am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Metricbeat Error : x509 Certificate is valid for x, not Y Beats metricbeat	1	1295	June 7, 2019
[Metricbeat 7.9] x509: certificate is valid for instance, not localhost Beats metricbeat	2	1238	April 13, 2021
X509: cannot validate certificate for xx.xx.xx.xxbecause it doesn't contain any IP SANs Beats filebeat	6	7860	May 5, 2020
Merticbeat Error dialing x509: certificate is valid for 127.0.0.1, not 172.16.0.204 Beats metricbeat	3	2842	April 7, 2022
Metricbeat x509 Certificate error Elasticsearch	5	618	September 29, 2023

X509: cannot validate certificate for 192.168.0.85 because it doesn't contain any IP SANs

Related topics