Configuring SSL over http

Hi,

I'm new to Elasticsearch. I couldn't find an existing post. I'm trying to setup ssl over http. I have a .p12 file that is trusted over our network. I set:

xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: myKey.p12

I then ran:


./bin/elasticsearch-keystore add xpack.security.http.ssl.keystore.secure_password

When I start Elasticsearch I get the following error:

[2022-01-19T16:37:16,560][WARN ][stderr ] [node-1] ElasticsearchSecurityException[failed to load SSL configuration [xpack.security.http.ssl]]; nested: ElasticsearchException[failed to initialize SSL TrustManager]; nested: IOException[keystore password was incorrect]; nested: UnrecoverableKeyException[failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.];
[2022-01-19T16:37:16,560][WARN ][stderr ] [node-1] Likely root cause: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.

Elasticsearch is installed on Windows Server 2012 R2.

Is there anything else I need to set in the yaml file? Can this be an issue with Windows Server 2012 R2? The cert is using AES128 so I though it would be fine on Windows Server 2012 R2.

Thanks in advance.

Jason

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.