SSL Configuration issue

  1. issue: SG complaint that “ PKIX path building failed: unable to find valid certification path to requested target”

  2. cert: generated with modified search-guard-scripts.


  1. root-ca.conf & sign-ca.conf: ca_dn: using my domain and name

  2. only gen_root_ca and gen_node_cert for each node reserved


line 34: DN=“CN=$NODE_NAME., OU=production, O=, L=, C=CN”

        line 49 & 63:  -ext san=dns:$NODE_NAME.<domain>,dns:localhost,ip:<fetch ip addr of each node>

elaticsearch.yml (11.2 KB)

elaticsearch-without-comment.yml (360 Bytes)

some-elasticsearch-log.log (39.2 KB)

  1. Elasticsearch 5.6.5 && Search Guard 5.6.5-18

  2. No Enterprise modules used

  3. Arch Linux && OpenJDK 1.8.0_144 <-=-> Debian 9 (stretch) && OpenJDK 1.8.0_151

  4. Configuration: Attachment

  5. Logs: Attachment

  6. No other plugins installed

also tried to use pem certs generated with certbot(letsencrypt) before i generated self signed certs.

SG complaint bad header. but both of two node is configured with pem.

Another Error I met is PKIX path validation failed: Path does not chain with any of the trust anchors

I’m a newbie in cluster management…and ssl/tls. cannot figure out what is wrong in the configuration…

am facing same issue search guard. have you resolved this issue. please ping solution steps.