AWS Elastic Search Domain的Route53给出证书错误 [英] Route53 for AWS Elastic Search Domain gives certificate error

问题描述

我已经在弗吉尼亚州创建了一个AWS弹性搜索域，并获得了一个端点URL.

I have create a AWS elastic search domain in Virginia and got a Endpoint url.

现在，我想围绕它配置Route53行为，以便即使弹性搜索或发生灾难恢复时也有一些变化，呼叫者也可以使用相同的url.

Now I wanted to configure the Route53 behavior around it, so that a caller can use the same url, even though there is some change in elastic search or in case of a disaster recovery.

所以

弗吉尼亚州路线53-1指向-弗吉尼亚州弹性搜索域URL 俄勒冈州路线53-2指向-俄勒冈州弹性搜索域URL Main Route 53-3点指向-Route 53 1或2

Virginia Route 53 -- 1 Points to -- Virgina Elastic Search Domain URL Oregon Route 53 -- 2 Points to -- Oregon Elastic Search Domain URL Main Route 53 -- 3 Points to -- Route 53 1 or 2

我已经创建了这些证书，还创建并上传了带有正确SAN条目的SSL证书.但是当我执行时，

I have already create these and also created and uploaded SSL certificate with correct SAN entries. But when I execute,

curl https://mainroute53/health
curl https://virginiaroute53/health
curl https://oregonroute53/health

我收到此错误，

curl: (51) Unable to communicate securely with peer: requested domain name does not match the server's certificate.

但是当我直接调用Elastic Search URL时，它的工作原理.因此，我知道这与我使用证书的方式有关.任何帮助表示赞赏.

But when I am calling the Elastic Search URL directly its working. So I understand this is a issue with the way I am using the certificate. Any help appreciated.

推荐答案

您的Elastic Search端点将始终返回Elastic Search SSL证书.

Your Elastic Search endpoint will always return the Elastic Search SSL certificate.

因此，当为它创建Route 53别名"时，您可能会通过自定义DNS条目连接到它，但是Elastic Search仍将使用Elastic Search SSL证书.

So when you create a Route 53 "alias" for it, you may be connecting to it via your custom DNS entry, but Elastic Search will still use the Elastic Search SSL certificate.

由于您使用的DNS端点与SSL证书不匹配，因此会出现该错误.

Since the DNS endpoint you're using does not match the SSL certificate, you get that error.

您可以使用--insecure curl标志使它不检查SSL证书，但是这样做有风险.

You could use the --insecure curl flag to have it not check the SSL certificate, however, there are risks of doing that.

这篇关于AWS Elastic Search Domain的Route53给出证书错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！