Issue with self signed certificate SSL Certificate Issue

Hello Team,
I have installed opendistro ES and kibana on linux machine(Server) using RPM.After successfull installation ES status coming as running but I am not able to access elasticsearch and kibana using Server ip address from my local windows machine as below.While hitting below url nothing is accessible.

https://172.16.23.27:9200

[root@master-node ~]# curl -XGET https://localhost:9200
curl: (60) Peer’s Certificate issuer is not recognized.

So I have created self signed certificate and replaced defualt opendistro ssl certificate’s( esnode.pem,esnode-key.pem,kirk-key.pem,kirk.pem,root-ca.pem located in /etc/elasticsearch)
with these self signed certificate but after that Elasticsearch is failed to start.Tried to start elasticsearch with below command

[root@master-node sslcertforopendistro]# sudo systemctl start elasticsearch.service
Job for elasticsearch.service failed because a timeout was exceeded. See “systemctl status elasticsearch.service” and “journalctl -xe” for details.

Please suggest how to access elasticsearch url with IPaddress from other different machine(windows)

Thanks
Sarvendra

I had created self signed .jks certificated using below commands.I had passed local ipaddress(192.168.1.3) from that machine where we need to access Elasticsearch url with ipaddress.

keytool -genkeypair -keystore keystore.jks -dname “CN=192.168.1.3, OU=192.168.1.3, O=192.168.1.3, L=noida, ST=up, C=in” -keypass Deepti@1985 -storepass Deepti@1985 -keyalg RSA -alias server -ext SAN=ip:192.168.1.3,ip:0.0.0.0

keytool -export -alias server -file client.cer -keystore keystore.jks

keytool -importcert -file client.cer -keystore truststore.jks -alias server

@opendistro Team,
Can you Pleasse suggeston this…how to create,configure and use self signed jkm certificate instead of default certificates.

Thanks
Sarvendra

Since these are self-signed, curl will not recognise them use -k with curl to disable certificate check and that should do it,