I generated all key, pem files with example.sh, please let me know which one I can use for curl ?

My cluster has 3 nodes, the cluster and kibana is setup and running correctly with search guard. But I do not how to use curl with https ?

[root@ip-10-8-8-246 example-pki-scripts]# ls
ca example.sh kirk.crtfull.pem kirk-keystore.p12 spock.csr truststore.jks usg-elk-b.csr usg-elk-c-keystore.jks
certs gen_client_node_cert.sh kirk.crt.pem kirk-signed.pem spock.key.pem usg-elk-a.csr usg-elk-b-keystore.jks usg-elk-c-keystore.p12
clean.sh gen_node_cert.sh kirk.csr spock.all.pem spock-keystore.jks usg-elk-a-keystore.jks usg-elk-b-keystore.p12 usg-elk-c-signed.pem
crl gen_root_ca.sh kirk.key.pem spock.crtfull.pem spock-keystore.p12 usg-elk-a-keystore.p12 usg-elk-b-signed.pem
etc kirk.all.pem kirk-keystore.jks spock.crt.pem spock-signed.pem usg-elk-a-signed.pem usg-elk-c.csr

[root@ip-10-8-8-246 example-pki-scripts]# curl --insecure -E usg-elk-a-signed.pem https://10.8.8.246:9200/_cat/indices?v
Unauthorized

[root@ip-10-8-8-246 example-pki-scripts]# curl --cacert usg-elk-a-signed.pem https://10.8.8.246:9200/_cat/indices?v
curl: (60) Peer’s certificate issuer has been marked as not trusted by the user.

possible duplicate of https://github.com/floragunncom/search-guard/issues/58#issuecomment-275145664

···

Am 25.01.2017 um 16:45 schrieb Robert Chen <robertchen117@gmail.com>:

My cluster has 3 nodes, the cluster and kibana is setup and running correctly with search guard. But I do not how to use curl with https ?

[root@ip-10-8-8-246 example-pki-scripts]# ls
ca example.sh kirk.crtfull.pem kirk-keystore.p12 spock.csr truststore.jks usg-elk-b.csr usg-elk-c-keystore.jks
certs gen_client_node_cert.sh kirk.crt.pem kirk-signed.pem spock.key.pem usg-elk-a.csr usg-elk-b-keystore.jks usg-elk-c-keystore.p12
clean.sh gen_node_cert.sh kirk.csr spock.all.pem spock-keystore.jks usg-elk-a-keystore.jks usg-elk-b-keystore.p12 usg-elk-c-signed.pem
crl gen_root_ca.sh kirk.key.pem spock.crtfull.pem spock-keystore.p12 usg-elk-a-keystore.p12 usg-elk-b-signed.pem
etc kirk.all.pem kirk-keystore.jks spock.crt.pem spock-signed.pem usg-elk-a-signed.pem usg-elk-c.csr

[root@ip-10-8-8-246 example-pki-scripts]# curl --insecure -E usg-elk-a-signed.pem https://10.8.8.246:9200/_cat/indices?v
Unauthorized

[root@ip-10-8-8-246 example-pki-scripts]# curl --cacert usg-elk-a-signed.pem https://10.8.8.246:9200/_cat/indices?v
curl: (60) Peer's certificate issuer has been marked as not trusted by the user.

--
You received this message because you are subscribed to the Google Groups "Search Guard" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/5f482471-478c-4ed2-8a16-1297dbe7e04c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.