Elastic search issue with Open Distro

we have defined the following in .ini file: Assigned Values:

opendistro_security.ssl.http.enabled= True
Kesystore type = PKCS12
keystore_filepath = /relativepath.pfx
truststore_type = PKCS12
truststore-filepath =/relativepath.pfx

```We are getting below error message when we execute .Net application:


Caused by: org.elasticsearch.ElasticsearchSecurityException: Error while initializing transport SSL layer: java.io.IOException: keystore password was incorrect

Caused by: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.

esolutions we tried:

1. Changed different passwords of Pfx as well as defined in setting_override.ini (eg. “changeit”). Also added Pfx file to respective directory.
2. Checked PFX file by both import/ export by creating new password and also added that in MMC and checked.
3. Added default password for Truststore type and Keystore Type as per the [this URL](https://opendistro.github.io/for-elasticsearch-docs/docs/security/configuration/tls/)
4. Placed Pfx file inside config folder of Elastic Search

But still we are facing issue.

In [this URL](https://discuss.elastic.co/t/elasticsearch-ssl-certificate-error-javax-crypto-badpaddingexception-given-final-block-not-properly-padded/247783/3) they have mentioned the following settings such as:

- xpack.security.enabled=true
- xpack.security.http.ssl.enabled=true
- xpack.security.http.ssl.keystore.path=/usr/share/elasticsearch/config/elastic-certificates.p12
- xpack.security.http.ssl.truststore.path=/usr/share/elasticsearch/config/elastic-certificates.p12
- xpack.security.http.ssl.keystore.password=password
- xpack.security.http.ssl.truststore.password=password
- xpack.security.transport.ssl.enabled=true
- xpack.security.transport.ssl.verification_mode=certificate
- xpack.security.transport.ssl.keystore.path=/usr/share/elasticsearch/config/elastic-certificates.p12
- xpack.security.transport.ssl.truststore.path=/usr/share/elasticsearch/config/elastic-certificates.p12
- xpack.security.transport.ssl.keystore.password=password
- xpack.security.transport.ssl.truststore.password=password


1. Do we need to mention all this settings for our application?
2. Is the above setting applicable for XPack (or) it will get applicable for Open Distro also?
3. Is elastic search will have separate password? If so where can we check password related to Elastic Search?
4. Do we need to assign same password of Elastic search to Truststore type and Key store type?
5. I dont know the default password of Elastic search. Where can i find it??

Kindly check and respond immediately. As there is some immediate requirement.

OpenSearch/OpenDistro are AWS run products and differ from the original Elasticsearch and Kibana products that Elastic builds and maintains. You may need to contact them directly for further assistance.

(This is an automated response from your friendly Elastic bot. Please report this post if you have any suggestions or concerns :elasticheart: )

Welcome to our community! :smiley:

You will need to remove any non-Elasticsearch settings please, then post if you're still having issues. We can't help if you are mixing distributions unfortunately.

OpenDistro is as far as I know not compatible with the default distribution of Elasticsearch. You either need to use the OSS distribution with OpenDistro or completely remove OpenDistro (in this case I would recommend you also upgrade to the latest version as the one you are using is quite old and EOL).

OpenDistro is not supported in this forum, so if you go with that option I would recommend you ask in their forum.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.