Sorry for bugging you. I feel like the issue I am encountering is a simple one, but I cannot figure it out. I feel like I am close though.
Elasticsearch seems to be happy with the install of Search Guard except when it's time to initialize the config via sgadmin.sh. The elastic logs show the below in trace debugging.
Treat certificate with principal [CN=kirk.example.com,OU=Ops,O=example,DC=example,DC=com, CN=kirk.example.com,OU=Ops,O=example,DC=example,DC=com] NOT as other node because we it does not matches one of [CN=masterES.example.com,OU=Ops,O=example,DC=example,DC=com]
[2018-06-25T20:13:14,932][TRACE][c.f.s.t.DefaultInterClusterRequestEvaluator] No subject alternative names (san) found
I can't seem to figure this out. I've read some posts but those resolutions haven't worked in my case.
Can someone lend a hand? I used your nifty tool, sgtlstool.sh, to generate the certs.
If I am missing anything, please let me know and I’ll attach.
Output from sgtlsdiag.sh attached for masterES.pem and kirk.pem, plus output of ls -lah /etc/elasticsearch/config.
- Search Guard and Elasticsearch version
Search Guard 6.3.0-22.3
- Installed and used enterprise modules, if any
disabled via elasticsearch.yml
- JVM version and operating system version
java version "1.8.0_171"
Java(TM) SE Runtime Environment (build 1.8.0_171-b11)
Java HotSpot(TM) 64-Bit Server VM (build 25.171-b11, mixed mode)
- Search Guard configuration files
Attached, but I'm not sure if that is what is being asked. Please let me know what else to attach and I will do so.
- Elasticsearch log messages on debug level
attached as elasticsearch.log
- Other installed Elasticsearch or Kibana plugins, if any
Only plugin is Search Guard.
sgtlsdiag.rtf (6.54 KB)
elasticsearch.yml.rtf (4.43 KB)
elasticsearch.log (442 KB)