I downloaded the CA Cert from my ElasticSearch cloud instance and put it in /usr/local/share/ca-certificates/. I then ran update-ca-certificates, which created a .pem file of my certificate under /etc/ssl/certs.

I updated my config.yaml file to connect to ElasticSearch, with the exporter settings below:

exporters:
  logging:
    verbosity: detailed
  otlp/elastic:
    endpoint: https://someid.apm.us-central1.gcp.cloud.es.io:443
    headers:
      Authorization: Bearer someToken
    tls:
      insecure: false
      insecure_skip_verify: false
      ca_file: "/etc/ssl/certs/certName.pem"

This is the error that I'm getting directly from the OpenTelemetry log:

authentication handshake failed: x509: certificate signed by unknown authority

However when I establish the connection using curl, the certs match. This the command:

curl -v --cacert "/etc/ssl/certs/certName.pem" https://someid.apm.us-central1.gcp.cloud.es.io:443

The fact that curl works but not the collector really stumps me, so I would appreciate any assistance. Also my collector is a binary that I'm executing inside of a docker container, if that's important. It is also important to note that if I bypassed the tls verification entirely, it works just fine but I need TLS to work in production.

0

There are 0 answers