Sorry for bugging you. I feel like the issue I am encountering is a simple one but cannot figure it out.I feel like I am close though.
Elasticsearch seems to be happy with the install of Search Guard except when its time to initialize the config via sgadmin.sh. The elastic logs shows the below in trace debugging.
Treat certificate with principal [CN=kirk.example.com,OU=Ops,O=example,DC=example,DC=com, CN=kirk.example.com,OU=Ops,O=example,DC=example,DC=com] NOT as other node because we it does not matches one of [CN=masterES.example.com,OU=Ops,O=example,DC=example,DC=com]
[2018-06-25T20:13:14,932][TRACE][c.f.s.t.DefaultInterClusterRequestEvaluator] No subject alternative names (san) found
I cant seem to figure this out. Ive read some posts but those resolutions havent worked in my case.
Can someone lend a hand? I used your nifty tool,
sgtlstool.sh, to generate the certs.
If I am missing anything, please let me know and I’ll attach.
Cheers
Attached
output from sgtlsdiag.sh attached for masterES.pem and kirk.pem, output of ls -lah /etc/elasticsearch/config.
elasticsearch.yml
trace elasticsearch.log
- Search Guard and Elasticsearch version
Search Guard 6.3.0-22.3
Elasticsearch 6.3.0
- Installed and used enterprise modules, if any
disabled via elasticsearch.yml
searchguard.enterprise_modules_enabled: false
- JVM version and operating system version
java version “1.8.0_171”
Java™ SE Runtime Environment (build 1.8.0_171-b11)
Java HotSpot™ 64-Bit Server VM (build 25.171-b11, mixed mode)
Ubuntu 18.04
- Search Guard configuration files
attached but Im not sure if that is what is being asked. Please let me know what else to attach and I will do so.
- Elasticsearch log messages on debug level
attached as elasticsearch.log
- Other installed Elasticsearch or Kibana plugins, if any
Only plugin is Search Guard.
sgtlsdiag.rtf (6.54 KB)
elasticsearch.yml.rtf (4.43 KB)
elasticsearch.log (442 KB)