Issue with self signed certificate SSL Certificate Issue

Hello Team,
I have installed opendistro ES and Kibana on a Linux machine (server) using RPM. After successful installation, the ES status shows as running, but I am not able to access Elasticsearch and Kibana using the server IP address from my local Windows machine, as below. When hitting the URL below, nothing is accessible.

[root@master-node ~]# curl -XGET https://localhost:9200
curl: (60) Peer’s Certificate issuer is not recognized.

So I have created self-signed certificates and replaced the default opendistro SSL certificates (esnode.pem, esnode-key.pem, kirk-key.pem, kirk.pem, root-ca.pem, located in /etc/elasticsearch) with these self-signed certificates, but after that Elasticsearch failed to start. I tried to start Elasticsearch with the command below.

[root@master-node sslcertforopendistro]# sudo systemctl start elasticsearch.service
Job for elasticsearch.service failed because a timeout was exceeded. See “systemctl status elasticsearch.service” and “journalctl -xe” for details.

Please suggest how to access the Elasticsearch URL with the IP address from a different machine (Windows).


I had created a self-signed .jks certificate using the commands below. I had passed the local IP address (from the machine where we need to access the Elasticsearch URL with the IP address).

keytool -genkeypair -keystore keystore.jks -dname "CN=, OU=, O=, L=noida, ST=up, C=in" -keypass Deepti@1985 -storepass Deepti@1985 -keyalg RSA -alias server -ext SAN=ip:,ip:

keytool -export -alias server -file client.cer -keystore keystore.jks

keytool -importcert -file client.cer -keystore truststore.jks -alias server

@opendistro Team,
Can you please suggest on this… how to create, configure and use a self-signed jkm certificate instead of the default certificates?


Since these are self-signed, curl will not recognise them. Use -k with curl to disable the certificate check, and that should do it.
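
Added example, not part of the thread and not Open Distro's own tooling: the files named in the question (root-ca.pem, esnode.pem, esnode-key.pem) are PEM files, and the security plugin expects the private key in PKCS#8, so a JKS keystore from keytool is not a drop-in replacement for them. The script below issues a PEM root CA and a node certificate whose SAN carries the server IP, then checks the chain and the IP with openssl. The IP 192.0.2.10, the subject names and the function names are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example. NODE_IP, subject names and function names are constructed.
set -e
NODE_IP="192.0.2.10"   # constructed placeholder (TEST-NET-1); use the server's real IP

# make_certs DIR IP: write root-ca.pem, esnode.pem and esnode-key.pem into DIR
make_certs() {
  dir="$1"; ip="$2"
  # Root CA: key, CSR, then a self-signed cert that is explicitly marked as a CA
  openssl genrsa -out "$dir/root-ca-key.pem" 2048 2>/dev/null
  openssl req -new -key "$dir/root-ca-key.pem" -subj "/O=Example/CN=example-root-ca" \
    -out "$dir/root-ca.csr"
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' \
    > "$dir/ca.ext"
  openssl x509 -req -in "$dir/root-ca.csr" -signkey "$dir/root-ca-key.pem" \
    -extfile "$dir/ca.ext" -days 365 -sha256 -out "$dir/root-ca.pem" 2>/dev/null
  # Node key, converted to unencrypted PKCS#8 PEM
  openssl genrsa -out "$dir/esnode-key-temp.pem" 2048 2>/dev/null
  openssl pkcs8 -topk8 -nocrypt -inform PEM -outform PEM \
    -in "$dir/esnode-key-temp.pem" -out "$dir/esnode-key.pem"
  # Node cert signed by the root CA, with the IP clients connect to in the SAN
  openssl req -new -key "$dir/esnode-key.pem" -subj "/O=Example/CN=esnode" \
    -out "$dir/esnode.csr"
  printf 'subjectAltName=IP:%s,IP:127.0.0.1,DNS:localhost\n' "$ip" > "$dir/node.ext"
  openssl x509 -req -in "$dir/esnode.csr" -CA "$dir/root-ca.pem" \
    -CAkey "$dir/root-ca-key.pem" -CAcreateserial -extfile "$dir/node.ext" \
    -days 365 -sha256 -out "$dir/esnode.pem" 2>/dev/null
  rm -f "$dir/esnode-key-temp.pem"
}

# check_certs DIR IP: succeed only if esnode.pem chains to root-ca.pem AND covers IP
check_certs() {
  openssl verify -CAfile "$1/root-ca.pem" -verify_ip "$2" "$1/esnode.pem" 2>&1 \
    | grep -q ': OK$'
}

work="$(mktemp -d)"
make_certs "$work" "$NODE_IP"
if check_certs "$work" "$NODE_IP"; then
  echo "esnode.pem chains to root-ca.pem and is valid for $NODE_IP"
fi
# A client that trusts the CA can verify the node instead of skipping the check:
echo "curl --cacert $work/root-ca.pem https://$NODE_IP:9200"
```

The admin pair (kirk.pem, kirk-key.pem) can be issued from the same CA in the same way; the DN listed under opendistro_security.authcz.admin_dn in elasticsearch.yml has to match the new admin certificate's subject.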