I am setting up an OpenDistro cluster with Docker.
My organization utilizes a single cert across all our VM’s of the form
*.domainname.com. I am trying to use this cert and our CA for Elasticsearch transport / rest ssl encryption, kibana to elasticsearch encrypted, and logstash to elastic encrypted.
Because we only have this one cert, I am using self-signed certs for the admin certs.
The problem occurs when I try to enable hostname verification, which for us is a crucial security step.
My SSL config on elasticsearch.yml:
I’ve also confirmed that the admin and node dn’s are correct, though I won’t be posting them here for security.
The same general setup is consistent across other parts of the stack: if I disable hostname verification the stack runs without an issue, if I enable it, Kibana / Logstash report that Elasticsearch is dead, and the Elastic nodes say they can’t verify their hostname on the transport layer.
Any insight would be appreciated.