failed to establish trust with server at unknown host; the server provided a certificate with subject name CN=es-9202 fingerprint 9cffa0f7bfa4374badc1fe1966f3e42a6fdab740 no keyUsage and no extendedKe

The error message indicates that the client failed to establish trust with the server due to issues with the server's certificate. The certificate provided by the server has the subject name "CN=es-9202" and the fingerprint "9cffa0f7bfa4374badc1fe1966f3e42a6fdab740".

The certificate is valid between the dates [2023-08-21T07:27:51Z] and [2122-07-28T07:27:51Z], and the current time is [2023-08-21T07:28:34.172206995Z]. Therefore, the certificate dates are valid.

However, there are a few issues with the certificate. It has no keyUsage and no extendedKeyUsage specified. Additionally, the certificate does not have any subject alternative names.

The certificate is issued by "CN=Elasticsearch security auto-configuration HTTP CA" and is signed by itself (self-issued). The fingerprint of the issuing certificate is "1b693d7eab7e3aca4780c5d9754aac17fd82b0ae".

The error message also states that the "CN=Elasticsearch security auto-configuration HTTP CA" certificate is not trusted in the SSL context being used. The SSL context has a trust configuration that specifies a trusted certificate with the subject "CN=Elasticsearch security auto-configuration HTTP CA" and the fingerprint "d8532e1879867d551186097a52e66d5bbb1fd462". However, the trusted certificate's fingerprint does not match the fingerprint of the issuing certificate.

The error is caused by a PKIX path validation failure, indicating that the certificate's chain of trust cannot be established with any of the trust anchors configured in the SSL context