CURL on Linux - command line tips for Elasticsearch

If you want to connect to Elasticsearch from the Linux command line, you can do that with CURL, for example. The default port of Elasticsearch is Port 9200:

curl http://localhost:9200

However, you can or should setup Elasticsearch with TLS and a certificate. This happens, for example, if you have the official elastic-stack via Docker. Again, Elastic uses self-signed certificates. If you log into the Elasticsearch container via

docker exec -it elasticsearch /bin/bash

you will not be able to connect with a simple CURL command because of the TLS encryption. The error

curl: (52) Empty reply from server

is then almost self-explanatory: our connection attempt happened with http and not https (because this Docker container uses secured TLS connections). But if we now change the connection settings to https, the next error will occur and logging on to Elasticsearch will fail again:

curl: (60) Peer's Certificate issuer is not recognized.

The problem is quite clear: we try to establish a secure connection without specifying the Elastic username and a key. For this there are two simple solutions, namely firstly bypassing the certificate locally (not recommended, but working):

curl -u elastic:<YOUR-PASSWORD> https://localhost:9200 -k

or (which is the recommended way) we can declare the location of the Elasticsearch certificate:

curl -u elastic:<YOUR-PASSWORD> https://localhost:9200 --cacert /usr/share/elasticsearch/certs/ca/ca.crt

Note: <YOUR-PASSWORD> will be generated by the Docker container at startup and can then be viewed.

Tags: , ,

Leave a Reply

Your email address will not be published. Required fields are marked *

Do NOT follow this link or you will be banned from the site!