Issue with self signed certificate SSL Certificate Issue

Hello Team,
I have installed opendistro ES and kibana on linux machine(Server) using RPM.After successfull installation ES status coming as running but I am not able to access elasticsearch and kibana using Server ip address from my local windows machine as below.While hitting below url nothing is accessible.

[root@master-node ~]# curl -XGET https://localhost:9200
curl: (60) Peer’s Certificate issuer is not recognized.

So I have created self signed certificate and replaced defualt opendistro ssl certificate’s( esnode.pem,esnode-key.pem,kirk-key.pem,kirk.pem,root-ca.pem located in /etc/elasticsearch)
with these self signed certificate but after that Elasticsearch is failed to start.Tried to start elasticsearch with below command

[root@master-node sslcertforopendistro]# sudo systemctl start elasticsearch.service
Job for elasticsearch.service failed because a timeout was exceeded. See “systemctl status elasticsearch.service” and “journalctl -xe” for details.

Please suggest how to access elasticsearch url with IPaddress from other different machine(windows)


I had created self signed .jks certificated using below commands.I had passed local ipaddress( from that machine where we need to access Elasticsearch url with ipaddress.

keytool -genkeypair -keystore keystore.jks -dname “CN=, OU=, O=, L=noida, ST=up, C=in” -keypass Deepti@1985 -storepass Deepti@1985 -keyalg RSA -alias server -ext SAN=ip:,ip:

keytool -export -alias server -file client.cer -keystore keystore.jks

keytool -importcert -file client.cer -keystore truststore.jks -alias server

@opendistro Team,
Can you Pleasse suggeston this…how to create,configure and use self signed jkm certificate instead of default certificates.


Since these are self-signed, curl will not recognise them use -k with curl to disable certificate check and that should do it,

Hi @sarvendras did you manage to get the curl command working?

Good Day Friends,

I am currently facing a similar issue in which when I am trying to connect to Kibana I am getting a connection refused and when I do a telnet to the kibana machine it has stopped listening on port 443 but when I am doing a systemctl status Kibana and systemctl status elastic it shows active.

I am not sure how to fix this issue and my Kibana interface is currently down.

I have double checked IPtables and ufw but both seems to be off and I see the following two errors which I am doing curl:

Appreciate some help in this thanks.

curl: (7) Failed connect to; Connection refused
[root@securitycenter elasticsearch]# curl -X GET https://localhost:9200/
curl: (60) Peer’s Certificate issuer is not recognized.


have you tried it with -k option as mentioned above?
You can also test the connection with openssl:
openssl s_client -connect -showcerts

Btw. in your link its not https, so maybe your routing to https doesn’t work ?!?