I am using ES 5.6.7 and searchgurad 5.6.7-19 .I am getting below error “ERR: You try to connect with a ssl node certificate instead of an admin client certificate” while running with sgadmin.sh
/usr/share/elasticsearch/plugins/search-guard-5/tools/sgadmin.sh -cd /usr/share/elasticsearch/plugins/search-guard-5/sgconfig -ks /etc/elasticsearch/node-0-keystore.jks -kspass xxxxx -ts /etc/elasticsearch/truststore.jks -tspass xxxxxx -nhnv -icl -h localhost -port 9740
And in elasticsearch log file , i am getting below error
[2018-03-29T01:12:10,795][ERROR][c.f.s.s.t.SearchGuardSSLNettyTransport] [127.0.0.1] SSL Problem Received fatal alert: certificate_unknown
javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
please find my elasticsearch.yml details
cluster.name: XXX_sandbox_cluster
node.name: 127.0.0.1
network.host: 127.0.0.1
transport.tcp.port: 9740
http.port: 9640
#discovery.zen.ping.unicast.hosts: [“xxxxxx”]
path.data: /data/elasticsearch
path.logs: /log/elasticsearch
script.engine.groovy.inline.aggs: on
searchguard.ssl.transport.keystore_filepath: node-0-keystore.jks
searchguard.ssl.transport.keystore_password: XXX
searchguard.ssl.transport.truststore_filepath: truststore.jks
searchguard.ssl.transport.truststore_password: XXX
#searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.transport.enabled: true
searchguard.ssl.http.enabled: true
searchguard.ssl.http.keystore_filepath: node-0-keystore.jks
searchguard.ssl.http.keystore_password: XXX
searchguard.ssl.http.truststore_filepath: truststore.jks
searchguard.ssl.http.truststore_password: xxxxx
searchguard.authcz.admin_dn:
- CN=admin,OU=SSL,O=Test,L=Test,C=DE
node.max_local_storage_nodes: 1
Could you please help me on this
Thanks
Ashok