This repository has been archived by the owner on May 3, 2021. It is now read-only.
I am not sure how exactly to test SSL with curl given the helm repo.
I manually ran the script to generate the elasticsearch.yml configuration for the security demo.
I copied the root-ca.pem into another pod in the same namespace:

```
curl --cacert /usr/local/share/ca-certificates/es/root-ca.pem https://admin:admin@elasticsearch-opendistro-es-client-service:9200
curl: (60) SSL: no alternative certificate subject name matches target host name 'elasticsearch-opendistro-es-client-service'
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
bash-5.0#
```
How can I use curl and SSL with the demo configuration? `enforce_hostname_verification` is set to false, but that doesn't seem to be related to my issue.
```yaml
cluster.name: "docker-cluster"
network.host: 0.0.0.0
# minimum_master_nodes need to be explicitly set when bound on a public IP
# set to 1 to allow single node clusters
# Details: https://github.com/elastic/elasticsearch/pull/17288
discovery.zen.minimum_master_nodes: 1
######## Start OpenDistro for Elasticsearch Security Demo Configuration ########
# WARNING: revise all the lines below before you go into production
opendistro_security.ssl.transport.pemcert_filepath: esnode.pem
opendistro_security.ssl.transport.pemkey_filepath: esnode-key.pem
opendistro_security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
opendistro_security.ssl.transport.enforce_hostname_verification: false
opendistro_security.ssl.http.enabled: true
opendistro_security.ssl.http.pemcert_filepath: esnode.pem
opendistro_security.ssl.http.pemkey_filepath: esnode-key.pem
opendistro_security.ssl.http.pemtrustedcas_filepath: root-ca.pem
opendistro_security.allow_unsafe_democertificates: true
opendistro_security.allow_default_init_securityindex: true
opendistro_security.authcz.admin_dn:
  - CN=kirk,OU=client,O=client,L=test, C=de
opendistro_security.audit.type: internal_elasticsearch
opendistro_security.enable_snapshot_restore_privilege: true
opendistro_security.check_snapshot_restore_write_privileges: true
opendistro_security.restapi.roles_enabled: ["all_access", "security_rest_api_access"]
cluster.routing.allocation.disk.threshold_enabled: false
node.max_local_storage_nodes: 3
######## End OpenDistro for Elasticsearch Security Demo Configuration ########
```
Thanks. I believe I know what the issue is. I need to generate new certificates to test that have alternate names that match the DNS records in Kubernetes. I was able to generate these; I just need to mount the certs and configs, then test.
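The fix described in the comment above (a node certificate whose subject alternative names match the Kubernetes DNS records), as an added example that is not part of the original issue or the project's chart. It signs with a throwaway CA standing in for the demo `root-ca.pem`; the `default` namespace, the `demo-root-ca` name, the helper function names and the `node-0.example.com` test host are assumptions.

```bash
#!/usr/bin/env bash
# Added example: issue a node certificate whose SANs cover the Service's
# in-cluster DNS names, then check hostname matching the way a TLS client does.
set -eu

SVC="elasticsearch-opendistro-es-client-service"  # Service name from the curl error
NS="default"                                      # assumption: namespace of the release

# service_sans <svc> <ns>: DNS names under which a Service is reachable in-cluster.
service_sans() {
  printf 'DNS:%s,DNS:%s.%s,DNS:%s.%s.svc,DNS:%s.%s.svc.cluster.local' \
    "$1" "$1" "$2" "$1" "$2" "$1" "$2"
}

# issue_cert <dir> <svc> <ns>: create a demo CA and a node cert carrying those SANs.
issue_cert() {
  dir=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-root-ca" \
    -keyout "$dir/ca-key.pem" -out "$dir/ca.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$dir/esnode-key.pem" -out "$dir/esnode.csr" 2>/dev/null
  printf 'subjectAltName=%s\n' "$(service_sans "$2" "$3")" > "$dir/san.ext"
  openssl x509 -req -in "$dir/esnode.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca-key.pem" \
    -CAcreateserial -days 1 -extfile "$dir/san.ext" -out "$dir/esnode.pem" 2>/dev/null
}

# host_matches <cert> <hostname>: succeeds only if a SAN in the cert covers the name.
host_matches() {
  openssl x509 -in "$1" -noout -checkhost "$2" 2>&1 | grep -q 'does match'
}

tmp=$(mktemp -d)
issue_cert "$tmp" "$SVC" "$NS"
# node-0.example.com is a constructed name that is deliberately not in the SAN list.
for h in "$SVC" "$SVC.$NS.svc.cluster.local" "node-0.example.com"; do
  if host_matches "$tmp/esnode.pem" "$h"; then
    echo "match:    $h"
  else
    echo "mismatch: $h"
  fi
done
```

A certificate that passes this check for the Service name lets `curl --cacert` succeed without `--insecure`, provided the file given to `--cacert` is the CA that signed it.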
I can curl with --insecure and that works: