Elasticsearch version:
- 7.5.2-oss with Search Guard
Describe the issue:
Elasticsearch runs with the following nodes_dn in elasticsearch.yml:
searchguard.nodes_dn:
- "CN=es-combined-transport,OU=testing,O=another.com,C=BD"
But it fails to run with the following config:
searchguard.nodes_dn:
- "CN=es-combined-transport,OU=testing,O=mydb.com+O=another.com,C=BD"
Error:
{"type": "server", "timestamp": "2021-01-21T15:38:46,803Z", "level": "ERROR", "component": "c.f.s.t.SearchGuardRequestHandler", "cluster.name": "es-combined", "node.name": "es-combined-2", "message": "ElasticsearchException[Illegal parameter in http or transport request found.\nThis means that one node is trying to connect to another with \na non-node certificate (no OID or searchguard.nodes_dn incorrect configured) or that someone \nis spoofing requests. Check your TLS certificate setup as described here: See http://docs.search-guard.com/latest/troubleshooting-tls]" }
My transport certificate:
$ openssl x509 -text -noout -in transport.crt
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0d:43:41:4f:fd:ce:da:48:7b:fa:ce:a3:ad:7a:93:ba
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN = elasticsearch, O = kubedb
        Validity
            Not Before: Jan 21 15:22:50 2021 GMT
            Not After : Apr 21 15:22:50 2021 GMT
        Subject: C = BD, O = mydb.com + O = another.com, OU = testing, CN = es-combined-transport
Questions:
- How to write the nodes_dn when Organization (O)/OrganizationUnits (OU)/Countries (C) is a list/array?
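
A diagnostic for the situation in the post above, as an added example that is not part of the original post and is not Search Guard's matching code: it converts the `Subject:` line printed by `openssl x509 -text` into RFC 2253 order (most specific RDN first, multi-valued RDNs joined with `+`) and compares it with each `nodes_dn` entry, which rules out a typo or ordering mistake in the configured string. The function names are hypothetical; the sketch assumes case-sensitive values and handles backslash escapes only, not hex or quoted forms.

```python
# Values copied from the post above.
SUBJECT = "C = BD, O = mydb.com + O = another.com, OU = testing, CN = es-combined-transport"
WORKING = "CN=es-combined-transport,OU=testing,O=another.com,C=BD"
FAILING = "CN=es-combined-transport,OU=testing,O=mydb.com+O=another.com,C=BD"


def _split(s, sep):
    """Split on an unescaped separator; backslash-escaped characters are kept."""
    parts, cur, i = [], [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            cur.append(s[i:i + 2])
            i += 2
        elif s[i] == sep:
            parts.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(s[i])
            i += 1
    parts.append("".join(cur))
    return parts


def parse_dn(dn):
    """Return the DN as a list of RDNs; each RDN is a tuple of (TYPE, value)."""
    rdns = []
    for rdn in _split(dn, ","):
        avas = []
        for ava in _split(rdn, "+"):  # '+' joins the values of one multi-valued RDN
            attr, _, value = ava.partition("=")
            avas.append((attr.strip().upper(), value.strip()))
        rdns.append(tuple(avas))
    return rdns


def openssl_subject_to_rfc2253(subject):
    """openssl -text prints C first; RFC 2253 strings start with the CN."""
    rdns = reversed(parse_dn(subject))
    return ",".join("+".join(f"{t}={v}" for t, v in rdn) for rdn in rdns)


def same_dn(a, b):
    """Compare two RFC 2253 strings, ignoring value order inside one RDN."""
    return [frozenset(r) for r in parse_dn(a)] == [frozenset(r) for r in parse_dn(b)]


if __name__ == "__main__":
    rendered = openssl_subject_to_rfc2253(SUBJECT)
    print(rendered)
    print("matches first entry: ", same_dn(rendered, WORKING))
    print("matches second entry:", same_dn(rendered, FAILING))
```

`openssl x509 -in transport.crt -noout -subject -nameopt RFC2253` prints the same form directly from the certificate file.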