使用TLS的弹性转储-无法验证第一个证书
使用TLS的弹性转储-无法验证第一个证书
提问于 2020-11-20 05:37:45
使用具有TLS安全性的elasticsearch 7.9.3。我可以使用我生成的ca证书通过python、curl和openssl连接到它。
# These work, but this is a fake domain name
openssl s_client -connect node0:9200 -CAfile /etc/elasticsearch/certs/ca.pem
curl --cacert /etc/elasticsearch/certs/ca.crt -u "elastic:$ELASTIC_PASS" 'https://node0.elastic.test.com:9200/_cat/health'
# Node / elasticdump is not happy
$ elasticdump --input=./account_mapping.json --output="https://elastic:$ELASTIC_PASS@node0.elastic.test.com:9200/account" --type=mapping
Thu, 19 Nov 2020 21:28:50 GMT | starting dump
Thu, 19 Nov 2020 21:28:50 GMT | got 1 objects from source file (offset: 0)
Thu, 19 Nov 2020 21:28:50 GMT | Error Emitted => unable to verify the first certificate
Thu, 19 Nov 2020 21:28:50 GMT | Error Emitted => unable to verify the first certificate
Thu, 19 Nov 2020 21:28:50 GMT | Total Writes: 0
Thu, 19 Nov 2020 21:28:50 GMT | dump ended with error (get phase) => Error: unable to verify the first certificate
$ npm config set cafile /etc/elasticsearch/certs/ca.pem
# same result
Thu, 19 Nov 2020 21:28:50 GMT | dump ended with error (get phase) => Error: unable to verify the first certificate
$ elasticdump --input=../account_mapping.json --output="https://elastic:$ELASTIC_PASS@node1.elastic.test.com:9200/account" --type=mapping --output-ca=/etc/elasticsearch/certs/ca.pem
# same result其他帖子建议使用NODE_TLS_REJECT_UNAUTHORIZED=0运行,但这并没有解决这个问题。
回答 1
Stack Overflow用户
发布于 2020-11-20 05:37:45
如果您提供tlsAuth和output-ca标志,它就可以工作。
$ elasticdump --input=./account_mapping.json --output="https://elastic:$ELASTIC_PASS@node0.elastic.test.com:9200/account" --type=mapping --tlsAuth --output-ca=/etc/elasticsearch/certs/ca.pem页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/64920407
复制相关文章
相似问题
腾讯云开发者
