Certificate altname not matched

If you think it is a bug report or you have a technical issue, please answer the following questions. For general questions, you can delete these questions.

**Elasticsearch version:**7.10.2

**Kibana version (if relevant):**7.10.2

Describe the issue: In docker while using demo certificates generated by install_demo_configuration.sh is throwing below error.

{“type”:“log”,"@timestamp":“2021-03-30T05:49:29Z”,“tags”:[“error”,“elasticsearch”,“data”],“pid”:9,“message”:"[ConnectionError]: Hostname/IP does not match certificate’s altnames: Host: elasticsearch. is not in the cert’s altnames: Registered ID:, DNS:node-0.example.com, DNS:localhost, IP Address:"}

tried host name as elasticsearch and localhost both are not working.

what are the altnames available in certificates?

while using https://localhost:9200 in kibana and provided cert paths, it is throwing ECONNREFUSED error

can we use self signed certificate…? Below is the log from kibana
log [05:08:30.861] [error][data][elasticsearch] [ConnectionError]: self signed certificate in certificate chain

Sure, you can use the self-signed certificates. Can you share your dockerfiles?

You can also setup the demo config without running install_demo_configuration.sh. Look at the SG labs repo.

On a high-level, the algorithm is

  1. Create SG certificates, ES, and SG configuration before running the Docker.
  2. Copy all the configurations and certificates to the nodes in Dockerfile.

Look at the config script for details: create_config.sh · master · search-guard / labs · GitLab
The configurations:
elasticsearch/config/basicauth/sgssl-0.example.com/elasticsearch.yml.example · master · search-guard / labs · GitLab
elasticsearch/config/basicauth/sgssl-0.example.com/sgconfig · master · search-guard / labs · GitLab

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.