I have a cluster of 3 servers with ELK 6.8.6 stack.
I'm trying to setup the 3rd server of the cluster, but it behaves somehow different.
I specify the following configuration for ssl:
xpack.security.enabled: true xpack.monitoring.collection.enabled: true xpack.security.http.ssl.enabled: false #xpack.security.http.ssl.verification_mode: certificate #xpack.security.http.ssl.key: my.key #xpack.security.http.ssl.certificate: my.pem #xpack.security.http.ssl.certificate_authorities: [ "my.ca" ] xpack.security.transport.ssl.enabled: true xpack.security.transport.ssl.verification_mode: certificate xpack.security.transport.ssl.keystore.type: PKCS12 xpack.security.transport.ssl.keystore.path: elastic-certificates.p12 xpack.security.transport.ssl.keystore.password: "pass" xpack.security.transport.ssl.truststore.type: PKCS12 xpack.security.transport.ssl.truststore.path: elastic-certificates.p12 xpack.security.transport.ssl.truststore.password: "pass"
With this configuration elasticsearch starts and works fine. However, as soon as I uncomment
xpack.security.http* options elasticsearch crashes at boot with the following traceback: https://pastebin.com/sKA7KUhg
It happens even with the options:
xpack.security.http.ssl.enabled: false xpack.security.http.ssl.verification_mode: none
I've checked the certificate with the openssl and it seems fine:
openssl verify -verbose -CAfile my.ca my.pem my.pem: OK
Another weird part of this situation that I have exactly the same
my.ca on two other servers and elasticsearch works fine with them.
Any ideas how to fix it?