I downloaded the CA Cert from my ElasticSearch cloud instance and put it in /usr/local/share/ca-certificates/. I then ran update-ca-certificates, which created a .pem file of my certificate under /etc/ssl/certs.
I updated my config.yaml file to connect to ElasticSearch, with the exporter settings below:
exporters:
logging:
verbosity: detailed
otlp/elastic:
endpoint: https://someid.apm.us-central1.gcp.cloud.es.io:443
headers:
Authorization: Bearer someToken
tls:
insecure: false
insecure_skip_verify: false
ca_file: "/etc/ssl/certs/certName.pem"
This is the error that I'm getting directly from the OpenTelemetry log:
authentication handshake failed: x509: certificate signed by unknown authority
However when I establish the connection using curl, the certs match. This the command:
curl -v --cacert "/etc/ssl/certs/certName.pem" https://someid.apm.us-central1.gcp.cloud.es.io:443
The fact that curl works but not the collector really stumps me, so I would appreciate any assistance. Also my collector is a binary that I'm executing inside of a docker container, if that's important. It is also important to note that if I bypassed the tls verification entirely, it works just fine but I need TLS to work in production.