Opensearch Error pinging Elastic server: x509 certificate signed by unknown authority
Question
I am trying to build an Opensearch client using Go language. However, I am facing an error while pinging the Opensearch server. The error message is as follows:
```
{"level":"error","time":"2023-04-28T02:29:00+03:00","message":"Failed to build ES client: error pinging elastic server: Get \"https://192.168.8.136:9200/\": x509: certificate signed by unknown authority"}
{"level":"error","time":"2023-04-28T02:29:00+03:00","message":"Failed to initialize service ===>: error possible due to certificate issue"}
```
I understand that this error is related to the SSL/TLS certificate, which is not trusted by the client. Can anyone suggest a possible solution to resolve this issue? I have already tried disabling certificate validation, but it did not help. Thank you in advance for your help.
Kudos to ChatGPT for writing the question for me.
Answer 1
Score: 2
> I expected this configuration to allow me with untrusted certs
>
> `plugins.securtiy.allow_unsafe_democertificates=true`

This configuration means that you allow the server to use the demo certificate. It does not change the fact that the demo certificate is untrusted by the client. If you want to make it work, you can configure the client to ignore certificate errors:
```go
package main

import (
	"crypto/tls"
	"fmt"
	"net/http"
	"net/http/httputil"
)

func main() {
	req, err := http.NewRequest("GET", "https://localhost:9200", nil)
	if err != nil {
		panic(err)
	}
	req.SetBasicAuth("admin", "admin")

	client := &http.Client{
		Transport: &http.Transport{
			TLSClientConfig: &tls.Config{
				// Skips all certificate verification (chain and host name).
				InsecureSkipVerify: true,
			},
		},
	}

	res, err := client.Do(req)
	if err != nil {
		panic(err)
	}
	defer res.Body.Close()

	// Dump the status line, headers and body of the response.
	buf, err := httputil.DumpResponse(res, true)
	if err != nil {
		panic(err)
	}
	fmt.Printf("%s\n", buf)
}
```
`InsecureSkipVerify: true` makes the client ignore the certificate errors. The opensearch-go package accepts the same configuration like this:
```go
cfg := opensearch.Config{
	// ...
	Transport: &http.Transport{
		TLSClientConfig: &tls.Config{
			// Skips all certificate verification (chain and host name).
			InsecureSkipVerify: true,
		},
	},
}
```
Another option is to modify `opensearch.yml` to disable HTTPS on the server:

```yaml
plugins.security.ssl.http.enabled: false
```
Note: Neither ignore server certificate errors nor disable HTTPS when going into production.
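
An alternative to `InsecureSkipVerify` that keeps verification enabled is to add the CA that signed the server certificate to the client's trust pool. The following is an added example, not part of the original answer or of opensearch-go; `transportTrusting`, `get` and `demo` are hypothetical names, and the local `httptest` server is a constructed stand-in for a node with a self-signed certificate.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// transportTrusting keeps verification on and trusts only the given PEM CA bundle.
// The result can be set as opensearch.Config.Transport, like the transport in the answer.
func transportTrusting(caPEM []byte) (*http.Transport, error) {
	pool := x509.NewCertPool()
	if !pool.AppendCertsFromPEM(caPEM) {
		return nil, errors.New("no certificate found in PEM data")
	}
	return &http.Transport{
		TLSClientConfig: &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12},
	}, nil
}

// get performs one request and returns only the transport/TLS error, if any.
func get(c *http.Client, url string) error {
	res, err := c.Get(url)
	if err != nil {
		return err
	}
	return res.Body.Close()
}

// demo starts a local TLS server with a self-signed test certificate and returns
// the error seen by the default client and by a client that trusts that certificate.
func demo() (defaultErr, trustedErr error) {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}))
	defer srv.Close()
	defaultErr = get(http.DefaultClient, srv.URL) // test cert is not in the system roots
	// Assumption: in practice caPEM is read from the cluster's CA file with os.ReadFile.
	caPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: srv.Certificate().Raw})
	tr, err := transportTrusting(caPEM)
	if err != nil {
		return defaultErr, err
	}
	return defaultErr, get(&http.Client{Transport: tr}, srv.URL)
}

func main() { fmt.Println(demo()) }
```

With verification enabled the client also checks that the host name or IP address it connects to appears in the certificate's subject alternative names, so the address in the client configuration has to match the certificate.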