ELK - Client certificate fails to establish a connection

TLS is enabled on the HTTP layer, with PKI used to verify client certificates.

  xpack.security.http.ssl.certificate_authorities: /etc/elasticsearch/certs/ca.crt
  xpack.security.http.ssl.verification_mode: certificate
  xpack.security.http.ssl.client_authentication: optional
  xpack.security.authc.realms.pki.realm1.order: 1

An error message kept appearing: the CA certificate is trusted, yet the connection still fails?
So weird!

[2022-01-21T16:51:33,810][WARN ][o.e.c.s.DiagnosticTrustManager] [ES01] failed to establish trust with client at [<unknown host>]; the client provided a certificate with subject name [CN=ES01,DC=TW] and fingerprint [d33df0ef4c412115585e3f90dfdbccc696044232]; the certificate is issued by [CN=ROOT CA,DC=TW]; the certificate is signed by (subject [CN=ROOT CA,DC=TW] fingerprint [2b2f8bc39a8a84d640b3cf6cdbe659316ffe1e97] {trusted issuer}) which is self-issued; the [CN=ROOT CA,DC=TW] certificate is trusted in this ssl context ([xpack.security.http.ssl])

Looking further down the error message:

Extended key usage does not permit use for TLS client authentication

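It turns out that certificates generated with the tool always include both clientAuth and serverAuth in extKeyUsage.
Mine happened to be issued by the company CA and was missing clientAuth, so no wonder it failed validation!!
For reference: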

  keyUsage :
    digitalSignature,keyEncipherment
  1.3.6.1.4.1.311.21.7 :
  extKeyUsage :
    serverAuth
  1.3.6.1.4.1.311.21.10 :
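
An added example, not part of the original post: a stand-alone Python check that reads extKeyUsage from a PEM or DER certificate before it is deployed as a client certificate. It assumes the validator accepts a certificate when EKU is absent or lists clientAuth or anyExtendedKeyUsage; the function names and the two sample byte strings are constructed for illustration.

```python
import base64, re, sys

EKU_EXT = bytes.fromhex("551d25")                # OID 2.5.29.37 extendedKeyUsage
CLIENT_AUTH = bytes.fromhex("2b06010505070302")  # OID 1.3.6.1.5.5.7.3.2 clientAuth
ANY_EKU = bytes.fromhex("551d2500")              # OID 2.5.29.37.0 anyExtendedKeyUsage

# Constructed samples (not real certificates): an extensions list whose only
# entry is extKeyUsage, first with serverAuth alone, then with clientAuth added.
SERVER_ONLY = bytes.fromhex("3015" "3013" "0603551d25" "040c" "300a"
                            "06082b06010505070301")
SERVER_AND_CLIENT = bytes.fromhex("301f" "301d" "0603551d25" "0416" "3014"
                                  "06082b06010505070301" "06082b06010505070302")

def tlvs(buf):
    """Yield (tag, value) for each DER element in buf."""
    i = 0
    while i < len(buf):
        tag, length, i = buf[i], buf[i + 1], i + 2
        if length & 0x80:                        # long-form length
            n = length & 0x7F
            length, i = int.from_bytes(buf[i:i + n], "big"), i + n
        yield tag, buf[i:i + length]
        i += length

def find_eku(buf):
    """Return the EKU purpose OIDs (raw bytes), or None if there is no EKU extension."""
    for tag, val in tlvs(buf):
        if not tag & 0x20:                       # primitive element, nothing inside
            continue
        kids = list(tlvs(val))
        if kids and kids[0] == (0x06, EKU_EXT):  # Extension ::= SEQUENCE { extnID, ... }
            (_, seq), = tlvs(kids[-1][1])        # extnValue is the last field
            return [oid for _, oid in tlvs(seq)]
        found = find_eku(val)
        if found is not None:
            return found
    return None

def permits_tls_client_auth(cert):
    """True if EKU is absent or lists clientAuth / anyExtendedKeyUsage (assumed rule)."""
    m = re.search(rb"-----BEGIN CERTIFICATE-----(.+?)-----END", cert, re.S)
    der = base64.b64decode(m.group(1)) if m else cert
    eku = find_eku(der)
    return eku is None or CLIENT_AUTH in eku or ANY_EKU in eku

if __name__ == "__main__":
    for path in sys.argv[1:]:                    # PEM or DER certificate files
        with open(path, "rb") as f:
            ok = permits_tls_client_auth(f.read())
        print(path, "OK for client auth" if ok else "EKU lacks clientAuth")
```

Run it with one or more certificate paths as arguments; a certificate like the one dumped above, with only serverAuth, is reported as lacking clientAuth.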
