Hello, thanks for your reactivity, I manage to have a proper behaviour; I simply add a trustore as I was using self signed on my lab, and I may have did dome test without the proper parameter http.type: ssl_netty4 set in elasticsearch.yml; But it works now. Next steps, ActiveDriectory authentication and SAML.
# http does not reply anymore (it's what I want)
curl http://localhost:9200
curl: (52) Empty reply from server
# https without the proper certificate does not work
curl https://localhost:9200
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above.
# https reply (the normal behaviour of ror)
curl -k https://localhost:9200
{
"name" : "xxx",
"cluster_name" : "lab-elastic-ror",
"cluster_uuid" : "xxx",
"version" : {
"number" : "8.4.1",
"build_flavor" : "default",
. . .
},
"tagline" : "You Know, for Search"
}
# advanced APIs usage required authentication (the normal behaviour of ror)
curl -k https://localhost:9200/_cluster/health?pretty
{
"error" : {
"root_cause" : [
{
"type" : "forbidden_response",
"reason" : "Sorry, your request is forbidden.",
"due_to" : "OPERATION_NOT_ALLOWED"
}
],
"type" : "forbidden_response",
"reason" : "Sorry, your request is forbidden.",
"due_to" : "OPERATION_NOT_ALLOWED"
},
"status" : 403
}
# if I use the proper TLS files, it works fine as well
curl --cert /etc/elasticsearch/ssl/myservername.crt --key ssl/myservername.key --cacert /etc/elasticsearch/ssl/ca/ca.crt https://$(hostname):9200/_cluster/health?pretty -u elastic
Enter host password for user ‘elastic’:
{
“cluster_name” : “lab-elastic-ror”,
“status” : “green”,
“timed_out” : false,
“number_of_nodes” : 3,
“number_of_data_nodes” : 3,
. . .