{"type": "server", "timestamp": "2021-01-21T15:38:46,803Z", "level": "ERROR", "component": "c.f.s.t.SearchGuardRequestHandler", "cluster.name": "es-combined", "node.name": "es-combined-2", "message": "ElasticsearchException[Illegal parameter in http or transport request found.\nThis means that one node is trying to connect to another with \na non-node certificate (no OID or searchguard.nodes_dn incorrect configured) or that someone \nis spoofing requests. Check your TLS certificate setup as described here: See http://docs.search-guard.com/latest/troubleshooting-tls]" }
My transport certificate:
$ openssl x509 -text -noout -in transport.crt
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0d:43:41:4f:fd:ce:da:48:7b:fa:ce:a3:ad:7a:93:ba
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN = elasticsearch, O = kubedb
Validity
Not Before: Jan 21 15:22:50 2021 GMT
Not After : Apr 21 15:22:50 2021 GMT
Subject: C = BD, O = mydb.com + O = another.com, OU = testing, CN = es-combined-transport
Questions:
How to write the nodes_dn when Organization(O)/OrganizationUnits(OU)/Countries(C) is a list/array?
But the parser is failing, If I do the same thing with organization( O ).
I use standard certificate library in my code that read the certificate file and returns the node_dn in standard format, that is why it is not easy for me to use regular expression to workaround the error.
Can you please inform me, whether it is a bug that is going to be fixed in future?