ejedev
commented
1 month ago Are you trying to run it as a cluster? The plugins.security.authcz.admin_dn and plugins.security.nodes_dn values need to be updated to match the certificates being generated by CertManager.
I ran into this issue as well and also needed to change the filepaths from this:
plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/certs/node/tls.crt
plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/certs/node/tls.key
plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/node/ca.crt
plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/certs/admin/tls.crt
plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/certs/admin/tls.key
plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/admin/ca.crtto this:
plugins.security.ssl.http.pemcert_filepath: /usr/share/wazuh-indexer/certs/node/tls.crt
plugins.security.ssl.http.pemkey_filepath: /usr/share/wazuh-indexer/certs/node/tls.key
plugins.security.ssl.http.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/node/ca.crt
plugins.security.ssl.transport.pemcert_filepath: /usr/share/wazuh-indexer/certs/node/tls.crt
plugins.security.ssl.transport.pemkey_filepath: /usr/share/wazuh-indexer/certs/node/tls.key
plugins.security.ssl.transport.pemtrustedcas_filepath: /usr/share/wazuh-indexer/certs/node/ca.crt
After updating to version v4.7.4 using Certmanager from this PR (https://github.com/wazuh/wazuh-kubernetes/pull/577) I am getting Indexer errors stating that "Transport client authentication is no longer supported".