I’ve followed the SSL encryption configuration information and I am still having issues. I have a GUI which needs to connect to the External API. I am using ROR 1.35 free with ELK stack 7.11.1 on a Windows 2016 server.
What I have done/tried:
Added http.type: ssl_netty4 to the elasticsearch.yml file.
Created the ssl: section with a keystore and truststore for the readonlyrest.yml file.
Set client_authentication: true
Allow requests from listed machines using hosts (GUI machine is on the list.)
Added the GUI certificate to the truststore, the keystore, the Java cacerts truststore, and the machine certificate store (Trusted Root Certification Authorities, and under personal)
All nodes are running ROR 1.35 however only this node is being set up for SSL connections (External API only). I’ll also need to connect a Kibana instance to this after I figure out the GUI issue.
Just a quick question, is the SSL connection to the readonlyrest over elasticsearch instance a one-to-one connection? Do you know if windows certificate trusts interfere with the connection?
Ok, ERR_CERT_AUTHORITY_INVALID is a specific error.
Elasticsearch is a Java application, maybe the Java certification authority list needs to be updated? By the way, ES ships with its own platform dependant “jdk” directory.