I’m trying Open Distro for a mission.
The server is obviously working fine.
But when I try to connect the ELB Filebeat agent I encounter an error message on the client as follows:
[root@client-test ~]# filebeat setup
Exiting: Couldn’t connect to any of the configured Elasticsearch hosts. Errors: [Error connection to Elasticsearch https://x.x.x.x:9200: Get https://x.x.x.x:9200: x509: certificate is valid for 127.0.0.1, not x.x.x.x]
Reading the error message, I suspect that the problem is a certificate, but I do not know which one or how to fix it.
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
fc:45:ed:59:96:a1:16:a3
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = DE, O = DSV, OU = PAS, CN = checkmk.pas.dsv-gruppe.de, emailAddress = pexlog@dsv-gruppe.de
Validity
Not Before: Feb 19 16:15:57 2020 GMT
Not After : Dec 28 16:15:57 2029 GMT
Subject: CN =XXXX, OU = XXX, O = XXX, L = XXX, C = DE
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:d5:31:cc:c9:f9:12:d3:54:ff:83:52:c7:ab:ce:
...
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment
X509v3 Extended Key Usage: critical
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Subject Key Identifier:
7C:29:2E:33:6E:A2:85:10:EB:64:9E:72:ED:14:38:A3:1B:C3:75:DA
X509v3 Authority Key Identifier:
keyid:9E:05:39:F5:D5:D7:C9:80:61:FB:CC:02:35:63:FC:BC:04:27:86:19
X509v3 Basic Constraints: critical
CA:FALSE, pathlen:0
X509v3 Subject Alternative Name:
DNS:localhost, <Servername>, DNS:<Servername2>, IP Address:127.0.0.1, IP Address:<IP>, Registered ID:1.2.3.4.5.5
Signature Algorithm: sha256WithRSAEncryption
1e:a0:8a:f0:42:db:c2:c5:f9:cb:5f:d8:37:0d:88:c2:6d:d1:
....
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
Important are the Subject Alternative Names - there needs to be the address which you are using to call the elastic server (DNS name, IP address etc.) and also the Registered ID 1.2.3.4.5.5 - without that, elastic did not accept my certificate for access.
I’m completely stuck at this point… having the same problem, or very similar.
ERROR fileset/factory.go:134 Error loading pipeline: Error creating Elasticsearch client: couldn't connect to any of the configured Elasticsearch hosts. Errors: [error connecting to Elasticsearch at https://10.0.1.1:9200: Get "https://10.0.1.1:9200": x509: certificate is valid for 127.0.0.1, not 10.0.1.1]
I have Elasticsearch listening at 10.0.1.1 and a remote Filebeat. Also the same problem for a local Filebeat when trying to reach Elasticsearch at 10.0.1.1.
I generated a node.crt and I have the .pem certificates, and I tried generating a .crt and placing it in the folder, for configuring the same
error loading config file: yaml: line 149: did not find expected key
The node.crt that I generated:
Certificate:
Data:
Version: 1 (0x0)
Serial Number:
72:3c:de:1f:e4:3f:1d:3f:69:5a:a8:00:8b:90:ab:86:03:9c:c7:84
Signature Algorithm: sha256WithRSAEncryption
Issuer: C = countrycode, ST = State, L = City, O = Company, CN = Name, emailAddress = mail
Validity
Not Before: Jul 13 23:56:10 2020 GMT
Not After : Aug 12 23:56:10 2020 GMT
Subject: C = countrycode, ST = State, L = City, O = companyname, CN = Name, emailAddress = mail
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:5a:26:d2:05:79:92:cf:6e:7e:2f:ca:de:2d:
...
Exponent: 65537 (0x10001)
Signature Algorithm: sha256WithRSAEncryption
...
-----BEGIN CERTIFICATE-----
@xuann it would appear that the “X509v3 Subject Alternative Name” is missing from your certificate; have a look at the previous comment for a good example.
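The name check behind the x509 error quoted in this thread can be reproduced offline with Go's standard library, which is what Filebeat's TLS client uses. This is an added example, not code from any poster or from Open Distro: the certificates are throwaway self-signed test data, `node.example.test` is a placeholder name, and the Registered ID SAN entry mentioned above is not modelled.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// checkHost builds a throwaway self-signed certificate (constructed test data)
// with the given SAN entries, then applies the hostname check a Go TLS client
// such as Filebeat runs against the address it dials.
func checkHost(dnsNames []string, ips []net.IP, host string) error {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "node.example.test"}, // placeholder name
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		DNSNames:     dnsNames, // SAN: DNS entries
		IPAddresses:  ips,      // SAN: IP Address entries
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return err
	}
	return cert.VerifyHostname(host)
}

func main() {
	loopback := []net.IP{net.ParseIP("127.0.0.1")}
	both := []net.IP{net.ParseIP("127.0.0.1"), net.ParseIP("10.0.1.1")}
	fmt.Println("loopback-only SAN:", checkHost([]string{"localhost"}, loopback, "10.0.1.1"))
	fmt.Println("SAN with node IP: ", checkHost([]string{"localhost"}, both, "10.0.1.1"))
	fmt.Println("no SAN at all:    ", checkHost(nil, nil, "10.0.1.1"))
}
```

The first case fails with the same "certificate is valid for 127.0.0.1, not 10.0.1.1" message, the second passes, and the third fails because a certificate without a SAN extension has no IP entries to match.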