There are 9 elasticsearch_nodes in my configuration across 3 virtual machines.
In each VM, I have 3 ES_nodes comprising master, data, search load balancer, kibana and logstash.
For example in one of the VMs:
4001: ES_Master, 4116: Data, 4276: SLB, 5804: Logstash
netstat -anp | grep LISTEN | grep java
tcp6 0 0 :::3304 :::* LISTEN 5804/java
tcp6 0 0 :::3305 :::* LISTEN 5804/java
tcp6 0 0 192.168.0.1:9200 :::* LISTEN 4116/java
tcp6 0 0 192.168.0.1:9201 :::* LISTEN 4001/java
tcp6 0 0 192.168.0.1:9202 :::* LISTEN 4276/java
tcp6 0 0 192.168.0.1:9300 :::* LISTEN 4001/java
tcp6 0 0 192.168.0.1:9301 :::* LISTEN 4116/java
tcp6 0 0 192.168.0.1:9302 :::* LISTEN 4276/java
tcp6 0 0 :::3300 :::* LISTEN 5804/java
tcp6 0 0 :::3301 :::* LISTEN 5804/java
tcp6 0 0 :::3302 :::* LISTEN 5804/java
tcp6 0 0 :::3303 :::* LISTEN 5804/java
I’m using the same “root-ca.pem” which I configured in kibana.yml for SSL communication with elasticsearch, which worked absolutely fine for kibana, to curl the elasticsearch data, health, indices etc., but it is returning nothing…
A few of my commands:
$ curl --cacert "/etc/pki/root-ca.pem" -XGET 'https://192.168.0.1:9200/_indices/v'
$ curl --cacert "/etc/pki/root-ca.pem" -XGET 'https://192.168.0.1:9200/_cluster/health'
No command returns any output, not even an error, but if I omit the --cacert flag:
$ curl -XGET 'https://192.168.0.1:9200/_indices/v'
returns: curl: (60) Peer’s certificate issuer has been marked as not trusted by the user.
More details here: curl - SSL CA Certificates
curl performs SSL certificate verification by default, using a “bundle”
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn’t adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you’d like to turn off curl’s verification of the certificate, use
the -k (or --insecure) option.
This tells me my ES is secured, but how do I curl it? I used example.sh in the search-guard-ssl repository to generate the certs. Any help, please? How do I curl a search-guard secured ES?
But my ES does have indices and data, and even health is green.