Hello,
I have a cluster of 3 servers with ELK 6.8.6 stack.
I'm trying to setup the 3rd server of the cluster, but it behaves somehow different.
I specify the following configuration for ssl:
xpack.security.enabled: true
xpack.monitoring.collection.enabled: true
xpack.security.http.ssl.enabled: false
#xpack.security.http.ssl.verification_mode: certificate
#xpack.security.http.ssl.key: my.key
#xpack.security.http.ssl.certificate: my.pem
#xpack.security.http.ssl.certificate_authorities: [ "my.ca" ]
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.type: PKCS12
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.keystore.password: "pass"
xpack.security.transport.ssl.truststore.type: PKCS12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.password: "pass"
With this configuration elasticsearch starts and works fine. However, as soon as I uncomment xpack.security.http*
options elasticsearch crashes at boot with the following traceback: https://pastebin.com/sKA7KUhg
It happens even with the options:
xpack.security.http.ssl.enabled: false
xpack.security.http.ssl.verification_mode: none
I've checked the certificate with the openssl and it seems fine:
openssl verify -verbose -CAfile my.ca my.pem
my.pem: OK
Another weird part of this situation that I have exactly the same my.key
, my.pem
, my.ca
on two other servers and elasticsearch works fine with them.
Any ideas how to fix it?