X509: cannot validate certificate for 192.168.0.85 because it doesn't contain any IP SANs

Min_Mah · May 31, 2019, 9:12am

Hello
I'm just start 7.1 ES & KB & Metricbeat
I have an error

my metricbeat.yml

#============================== Kibana =====================================
setup.kibana:


  host: "https://192.168.0.85:5601"
#-------------------------- Elasticsearch output ------------------------------
output.elasticsearch:
  hosts: ["https://192.168.0.85:9200"]

  # Optional protocol and basic auth credentials.
  protocol: "https"
  username: "elastic"
  password: "d8Z46pgoFEd1rQNdOfDX"

my elasticsearch.yml

# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
#network.host: 192.168.0.85
http.host: "192.168.0.85"
#
# Set a custom port for HTTP:
#
http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
discovery.seed_hosts: ["192.168.0.85"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
cluster.initial_master_nodes: ["node-1"]

xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.keystore.password: "password"
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.password: "password"

xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: elastic-certificates.p12
xpack.security.http.ssl.keystore.password: "password"
xpack.security.http.ssl.truststore.path: elastic-certificates.p12
xpack.security.http.ssl.truststore.password: "password"

my kibana.yml

server.port: 5601
server.host: "192.168.0.85"

elasticsearch.hosts: ["https://192.168.0.85:9200"]

elasticsearch.username: "kibana"
elasticsearch.password: "Y3B2c5U0izQF2Who2qyj"


server.ssl.enabled: true
server.ssl.certificate: /etc/kibana/instance/instance.crt
server.ssl.key: /etc/kibana/instance/instance.key

elasticsearch.ssl.certificateAuthorities: ["/etc/kibana/elastic-ca.pem"]

elasticsearch.ssl.verificationMode: none

how can i find problem??
to config IP SANs
is it need set something??
please help me
thanks

ruflin · June 4, 2019, 7:16am

I think the issue is with your certificate. When generating the certificate you must ensure it contains the IP address above. If you google for the above error without the IP address inside you will find a few ways on how to do it. To avoid the complexity of adding IP addresses, perhaps just use domain names and a DNS?

Min_Mah · June 5, 2019, 5:02am

Hi, Thanks for reply
i solve this problem using this site

system · July 3, 2019, 5:02am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.