Elasticsearch has been deployed to Linux and I have encountered a problem with the certificate signing. After following the steps to resolve these problems, I get an exception when I start Elasticsearch. How do I resolve this problem?
</>
uncaught exception in thread [main]
org.Elasticsearch.bootstrap.StartupException: org.Elasticsearch.ElasticsearchSecurityException: failed to load SSL configuration [xpack.security.transport.ssl] - the truststore [/usr/software/es/Elasticsearch-8.0.1/config/certs/elastic-stack-ca.p12] does not contain any trusted certificate entries
</>
org.Elasticsearch.ElasticsearchSecurityException: failed to load SSL configuration [xpack.security.transport.ssl] - the truststore [/usr/software/es/Elasticsearch-8.0.1/config/certs/elastic-stack-ca.p12] does not contain any trusted certificate entries
Likely root cause: org.Elasticsearch.common.ssl.SslConfigException: the truststore [/usr/software/es/Elasticsearch-8.0.1/config/certs/elastic-stack-ca.p12] does not contain any trusted certificate entries
You are attempting to use a CA key-pair as a truststore. That doesn't work - the idea of this CA is that it is the key to control your cluster, you usually don't want to have lots of copies of it lying around.
If you follow the docs mentioned above you'll see that the correct setup is:
</>
org.Elasticsearch.bootstrap.StartupException: org.Elasticsearch.ElasticsearchSecurityException: failed to load SSL configuration [xpack.security.transport.ssl] - cannot read configured [PKCS12] keystore (as a truststore) [/usr/software/es/Elasticsearch-8.0.1/config/certs/elastic-certificates.p12] - this is usually caused by an incorrect password; (a keystore password was provided)
</>
First of all, thank you for your help. I successfully started ElasticSerarch according to your instructions. However, there was an exception when I started ElasticSerarch
via logging into the cline of the already running ES container, and everything went well, except upon restart of the container (I'm running ES in Docker) it says:
today at 4:43:00 AMorg.Elasticsearch.ElasticsearchSecurityException: failed to load SSL configuration [xpack.security.transport.ssl] - cannot read configured [PKCS12] keystore (as a truststore) [/usr/share/Elasticsearch/config/elastic-certificates.p12] - this is usually caused by an incorrect password; (no password was provided)
I am guessing that for some reason the saving of the password to the stores didn't persist through restart of the container?
I did follow all of the examples for setting up the container and mounted a volume to store data. My entire volumes section in my compose looks like this (you can see the data volume as the 4th mounted volume):
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.