Elasticsearch upgrade 7.17 to 8.17 -- Elasticsearch is working using curl IP but not with client/application URL

Elastic Stack Kibana
1

Dear All, we are working on Elasticsearch upgrade from version 7.17 to 8.17.3. Elasticsearch has been updated and pulled data from source through Logstash. Able to view the indices/search result in Kibana and through curl command

curl --cacert "http.p12 path"  https://IP:9200/_search?q=search-filter.

Able to searc/view outcome for the above command. 

However, curl --cacert "http.p12 path"  https://application-URL.xx.xx/_search?q=search- filter is not giving any result.

Please refer the below result

Request completely sent off
http 1.1 200 ok
Cache-control-private
content-type" application/json;charset=utf-8
server: Microsoft-IIS 10.0
X-AspnetMVC-version:5.3
X-powered by:ASP.NET
X-content-type options:nosniff
X-frame-options: SAMEORIGIN
X-XSS-protection: 1;mode-block
Strict-Transport-Security: max-age 31536000; include subdomains
Access-control-Allow-Origins: *
Access-control-Request-method: GET, POST,HEAD, OPTIONS
content-Length: 2
[] *connection #0 to host FQDN left intact

Elasticsearch client is using application URL (FQDN) to retrieve data from Elasticsearch.

We have created new CA certificate and added server host name, application FQDN in the host name entry.

Please advise what could be reason for not getting result when using application URL in curl.

Please note that, Elasticsearch client application's code has been enhanced from Elastic.net & NEST to Elasticsearch client. We used basic authentication to connect Elasticsearch URL.

Important: The issue we are having only in production environment. No issue in DEV and UAT environment.

Elasticsearch YML file enabled with http, key (PKCS#12) format. Added newly generated CA and http certificates in trusted store.

Elastisearch and Elasticsearch client application are hosted in same server.

2

When it is working in dev, and not working in prod, could be the the response.
Do very basic test like telnet FQDN, check whether the port is open.
Write a basic client with the same credentials and certs, and test it.

3

Thanks JinnaBalu. port is open as able to run Elasticsearch 7.17 service and client is able to connect it. the problem is only for new version of Elasticsearch 8.17.

okay.. I'll write simple/basic console application to test it.. currently I am generating self-signed CA. Should I generate a CSR ?

4

The way you have written this:

is a bit strange. You want a http://hostname:port/... or https://hostname:port/... type syntax. The whole thing makes up what I'd refer to as the "application-URL"

Looks to me the response

http 1.1 200 ok
...
server: Microsoft-IIS 10.0
...

was from a different service on the host? That's certainly not a response from elasticsearch itself. Add -v you your curl and you'll see more, check you really are connecting to port 9200.