-
issue: SG complaint that “sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target”
-
cert: generated with modified search-guard-scripts.
modification:
-
root-ca.conf & sign-ca.conf: ca_dn: using my domain and name
-
example.sh: only gen_root_ca and gen_node_cert for each node reserved
-
gen_node_cert.sh:
line 34: DN=“CN=$NODE_NAME., OU=production, O=, L=, C=CN”
line 49 & 63: -ext san=dns:$NODE_NAME.<domain>,dns:localhost,ip:<fetch ip addr of each node>
elaticsearch.yml (11.2 KB)
elaticsearch-without-comment.yml (360 Bytes)
some-elasticsearch-log.log (39.2 KB)
···
-
Elasticsearch 5.6.5 && Search Guard 5.6.5-18
-
No Enterprise modules used
-
Arch Linux && OpenJDK 1.8.0_144 <-=-> Debian 9 (stretch) && OpenJDK 1.8.0_151
-
Configuration: Attachment
-
Logs: Attachment
-
No other plugins installed
also tried to use pem certs generated with certbot(letsencrypt) before i generated self signed certs.
SG complaint bad header. but both of two node is configured with pem.
Another Error I met is sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
I’m a newbie in cluster management…and ssl/tls. cannot figure out what is wrong in the configuration…