Elasticsearch version:
- 1.9.0-opendistro
Describe the issue:
The Elasticsearch Run with the following nodes_dn in elasticsearch.yml:
opendistro_security.nodes_dn:
- "CN=es-combined-transport,OU=testing,O=db.com,C=BD"
But it fails to run with the following config:
opendistro_security.nodes_dn:
- "CN=es-combined-transport,OU=testing,O=db.com+O=another.com,C=BD"
Error:
[2021-01-22T04:53:41,606][ERROR][c.a.o.s.t.OpenDistroSecurityRequestHandler] [es-combined-2] ElasticsearchException[Illegal parameter in http or transport request found.
This means that one node is trying to connect to another with
a non-node certificate (no OID or security.nodes_dn incorrect configured) or that someone
is spoofing requests. Check your TLS certificate setup as described here: See https://opendistro.github.io/for-elasticsearch-docs/docs/troubleshoot/tls/]
[2021-01-22T04:53:42,205][ERROR][c.a.o.s.t.OpenDistroSecurityRequestHandler] [es-combined-2] ElasticsearchException[Illegal parameter in http or transport request found.
This means that one node is trying to connect to another with
a non-node certificate (no OID or security.nodes_dn incorrect configured) or that someone
is spoofing requests. Check your TLS certificate setup as described here: See https://opendistro.github.io/for-elasticsearch-docs/docs/troubleshoot/tls/]
My transport certificate:
$ openssl x509 -text -noout -in transport.crt
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0d:43:41:4f:fd:ce:da:48:7b:fa:ce:a3:ad:7a:93:ba
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN = elasticsearch, O = kubedb
Validity
Not Before: Jan 21 15:22:50 2021 GMT
Not After : Apr 21 15:22:50 2021 GMT
Subject: C = BD, O = mydb.com + O = another.com, OU = testing, CN = es-combined-transport
Question:
- How to write the nodes_dn when Organization(O)/OrganizationUnits(OU)/Countries(C) is a list/array?