Problem with ES 5.2 running ReadonlyRest plugin connecting to elastisearch-head

[nan008]

I have problem connecting to ES 5.2 with elasticsearch-readonlyrest-plugin 1.14.0, my elasticsearch-head is webserver/filesystem. I need to provide a cert with the request. something similar I have with Logstash in conf file or Kibana yml file

ssl => true cacert => ["/etc/logstash/Logstash_cert.pem"]

Even when I will go with the basic authorization but my ES is responding with log entry for elasticsearch-head.

[2017-03-15T12:34:01,231][ERROR][o.e.p.r.SSLTransportNetty4] [4DfeseL] exception in SSL transport: javax.net.ssl.SSLException: Received fatal alert: unknown_ca

Any suggestions where can indicate in elasticsearch-head that I am sending a cert?

[nan008]

I got an answer from readonlyrest plugin developer:

Looks more like Head needs the equivalent of either of these two Kibana settings:

elasticsearch.ssl.certificateAuthorities: [ "/path/to/your/CA.pem" ]
elasticsearch.ssl.verificationMode: none

or you need to fix your SSL cert, like: make sure your cert is not self-signed and chain is included in the JKS.

Keep in mind that if your cert is self signed and want to keep it like this, Head needs to implement the equivalent of "verificationMode" above.

We have self signed cert for ESK and it is working for the rest of the environment, is there any way you can include this in the plugin as Shield has something similar and it cover both certs.