If you want to connect to Elasticsearch from the Linux command line, you can do that with CURL, for example. The default port of Elasticsearch is Port 9200:
curl http://localhost:9200
However, you can or should setup Elasticsearch with TLS and a certificate. This happens, for example, if you have the official elastic-stack via Docker. Again, Elastic uses self-signed certificates. If you log into the Elasticsearch container via
docker exec -it elasticsearch /bin/bash
you will not be able to connect with a simple CURL command because of the TLS encryption. The error
curl: (52) Empty reply from server
is then almost self-explanatory: our connection attempt happened with http and not https (because this Docker container uses secured TLS connections). But if we now change the connection settings to https, the next error will occur and logging on to Elasticsearch will fail again:
curl: (60) Peer's Certificate issuer is not recognized.
The problem is quite clear: we try to establish a secure connection without specifying the Elastic username and a key. For this there are two simple solutions, namely firstly bypassing the certificate locally (not recommended, but working):
curl -u elastic:<YOUR-PASSWORD> https://localhost:9200 -k
or (which is the recommended way) we can declare the location of the Elasticsearch certificate:
curl -u elastic:<YOUR-PASSWORD> https://localhost:9200 --cacert /usr/share/elasticsearch/certs/ca/ca.crt
Note: <YOUR-PASSWORD> will be generated by the Docker container at startup and can then be viewed.
