ElasticSearch Linux startup failed. Procedure

zx_emo · March 4, 2022, 1:52am

Elasticsearch has been deployed to Linux and I have encountered a problem with the certificate signing. After following the steps to resolve these problems, I get an exception when I start Elasticsearch. How do I resolve this problem?

</>
uncaught exception in thread [main]
org.Elasticsearch.bootstrap.StartupException: org.Elasticsearch.ElasticsearchSecurityException: failed to load SSL configuration [xpack.security.transport.ssl] - the truststore [/usr/software/es/Elasticsearch-8.0.1/config/certs/elastic-stack-ca.p12] does not contain any trusted certificate entries

</>
org.Elasticsearch.ElasticsearchSecurityException: failed to load SSL configuration [xpack.security.transport.ssl] - the truststore [/usr/software/es/Elasticsearch-8.0.1/config/certs/elastic-stack-ca.p12] does not contain any trusted certificate entries
Likely root cause: org.Elasticsearch.common.ssl.SslConfigException: the truststore [/usr/software/es/Elasticsearch-8.0.1/config/certs/elastic-stack-ca.p12] does not contain any trusted certificate entries

casterQ · March 4, 2022, 2:42am

you can follow this doc，get your P12 file, and add it in your Elasticsearch.yml

zx_emo · March 4, 2022, 3:08am

Thanks for your help. I'll give it a try

TimV · March 4, 2022, 3:26am

You are attempting to use a CA key-pair as a truststore. That doesn't work - the idea of this CA is that it is the key to control your cluster, you usually don't want to have lots of copies of it lying around.

If you follow the docs mentioned above you'll see that the correct setup is:

xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

zx_emo · March 4, 2022, 6:58am

Why am I prompted with password error after I have configured the path as instructed in the document?

zx_emo · March 4, 2022, 6:59am

</>
org.Elasticsearch.bootstrap.StartupException: org.Elasticsearch.ElasticsearchSecurityException: failed to load SSL configuration [xpack.security.transport.ssl] - cannot read configured [PKCS12] keystore (as a truststore) [/usr/software/es/Elasticsearch-8.0.1/config/certs/elastic-certificates.p12] - this is usually caused by an incorrect password; (a keystore password was provided)
</>

casterQ · March 4, 2022, 7:08am

here you need input the password when you set by ./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12

zx_emo · March 4, 2022, 8:38am

First of all, thank you for your help. I successfully started ElasticSerarch according to your instructions. However, there was an exception when I started ElasticSerarch

casterQ · March 4, 2022, 9:50am

I think this is a conf error or file problem，maybe you can follow doc try it all over again

zx_emo · March 4, 2022, 10:01am

@casterQ Thank you for your comments. I will check them carefully

YouveGotMeowxy · March 20, 2022, 9:47am

I followed the instructions on this page:

Set up basic security for the Elastic Stack | Elasticsearch Guide [8.1] | Elastic

via logging into the cline of the already running ES container, and everything went well, except upon restart of the container (I'm running ES in Docker) it says:

today at 4:43:00 AMorg.Elasticsearch.ElasticsearchSecurityException: failed to load SSL configuration [xpack.security.transport.ssl] - cannot read configured [PKCS12] keystore (as a truststore) [/usr/share/Elasticsearch/config/elastic-certificates.p12] - this is usually caused by an incorrect password; (no password was provided)

I am guessing that for some reason the saving of the password to the stores didn't persist through restart of the container?

I did follow all of the examples for setting up the container and mounted a volume to store data. My entire volumes section in my compose looks like this (you can see the data volume as the 4th mounted volume):

      volumes:
        - '/opt/docker/configs/elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:rw'               # Config
        - '/opt/docker/configs/elasticsearch/config/elastic-certificates.p12:/usr/share/elasticsearch/config/elastic-certificates.p12:rw' # Cert
        - '/mnt/e/Docker/Logs/elasticsearch:/usr/share/elasticsearch/logs:rw'      # Logs
        - '/mnt/e/Docker/Elasticsearch/data:/usr/share/elasticsearch/data:rw'      # Data
        - '/mnt/e/Docker/Elasticsearch/backup:/usr/share/elasticsearch/backup:rw'  # Backup

How does one fix this issue?

system · April 17, 2022, 9:47am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Failed to load SSL configuration [xpack.security.transport.ssl] - the truststore [/etc/elasticsearch/certs/root.p12] does not contain any trusted certificate entries Elasticsearch	3	51	September 19, 2024
Failed to load SSL configuration [xpack.security.transport.ssl] - the truststore [/usr/share/elasticsearch/ssl/qa.pfx] does not contain any trusted certificate entries Elasticsearch elastic-stack-security , docker	3	1123	October 18, 2023
Truststore does not contain any trusted certificate entries Elasticsearch	1	763	August 14, 2023
The truststore does not contain any trusted certificate entries after upgrade to 8.0 Elasticsearch elastic-stack-security	5	8135	March 28, 2022
Failed to load SSL configuration Kibana elastic-stack-security , docker	2	1283	March 4, 2023

ElasticSearch Linux startup failed. Procedure

Related Topics