Please upgrade to ES 2.3.3 with SG 2.3.3.0-rc1 and SG SSL 2.3.3.11
> 1. In my cluster, i have 3 data nodes which can elect as the master node. I regard one data node as the client node. Is the try right?
No, a #sgsn can never be a #sgnsnc (you have to use server certificates with the OID for all your nodes!)
See
https://github.com/floragunncom/search-guard/wiki/Terminology for terminology
>
> 2. Is the entry "searchguard.authcz.admin_dn:"CN=kirk,OU=client,O=client,l=tEst, C=De" " only put in the client node' elasticsearch.yml? There is no need in the other data nodes?
elasticsearch.yml needs to be identical for all nodes
>
> 3.What is the error mean above?
That you try to join the cluster with a client certificate (without OID) instead of a server certificate
Meanwhile we have a good documentation for all this, pls. refer to
https://github.com/floragunncom/search-guard-ssl-docs
You can also inspect the vagrant demos to see how it works:
-
https://github.com/floragunncom/search-guard-ssl/blob/master/Vagrantfile
-
https://github.com/floragunncom/search-guard/blob/master/Vagrantfile
> --
> You received this message because you are subscribed to the Google Groups "Search Guard" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to
search-guard...@googlegroups.com.
> To post to this group, send email to
search...@googlegroups.com.
> To view this discussion on the web visit
https://groups.google.com/d/msgid/search-guard/326e237e-690d-4137-9a4a-ed8724223516%40googlegroups.com.
> For more options, visit
https://groups.google.com/d/optout.