ERROR: Unable to create an enrollment token. Elasticsearch node HTTP layer SSL configuration Keystore doesn't contain any PrivateKey entries where the associated certificate is a CA certificate

I have installed Elasticsearch and configured all the certificates as mentioned in the document, but when I tried to generate a token it gives the error. However, I have already added the keystore by using the command

'./bin/elasticsearch-keystore add xpack.security.http.ssl.keystore.secure_password'

Elasticsearch is running fine, but it just gives the error when I try to create a token using the command

bin/elasticsearch-create-enrollment-token -s kibana

Here is my elasticsearch.yml

path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 0.0.0.0
http.port: 9200
discovery.seed_hosts: ["127.0.0.1", "[::1]"]
discovery.type: single-node

xpack.security.enrollment.enabled: true
xpack.license.self_generated.type: basic
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: /etc/elasticsearch/certs/http.p12
xpack.security.transport.ssl.enabled: false

Please let me know how I can fix this.


configured all the certificates as mentioned in the document

Which document did you follow?

In general, if you choose to manually configure security (e.g. TLS), you can no longer use the security auto-configuration (including enrollment). It may be desirable to make the auto-configuration more flexible in the future so it can work on existing configuration. But for now, you will have to keep configuring manually once you started on that path.


Hi Yang,

I have followed these documents: Set up basic security for the Elastic Stack | Elasticsearch Guide [8.3] | Elastic
Set up basic security for the Elastic Stack plus secured HTTPS traffic | Elasticsearch Guide [8.3] | Elastic.

I tried the configurations mentioned in the above links and everything starts fine, but when I tried to run the token generation command bin/elasticsearch-create-enrollment-token -s kibana it gives the error.
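
The error in this thread names a concrete condition: the HTTP keystore has no private-key entry whose certificate is a CA certificate. The following is an added example, not part of the original posts and not Elastic's own code, that approximates that check with openssl; the function name p12_has_ca_key_entry and the P12_PASS environment variable are hypothetical, and how Elasticsearch itself evaluates the keystore is not shown on the page.

```shell
#!/bin/sh
# Added example: report whether a PKCS#12 keystore (e.g. http.p12) holds a
# private-key entry whose certificate is a CA (basicConstraints CA:TRUE).
# Assumption: the keystore password is exported in P12_PASS (hypothetical name).
# Returns 0 = CA key entry found, 1 = none found, 2 = keystore unreadable.
p12_has_ca_key_entry() {
  local p12="$1" tmp f found=1
  tmp="$(mktemp -d)" || return 2

  # -clcerts -nokeys writes only certificates that are bound to a private
  # key in the keystore; plain trusted-certificate entries are skipped.
  if ! openssl pkcs12 -in "$p12" -passin env:P12_PASS \
        -clcerts -nokeys -out "$tmp/all.pem" 2>/dev/null; then
    rm -rf "$tmp"
    return 2
  fi

  # Split the PEM bundle into one file per certificate.
  awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/ { n++ }
                   n { print > (d "/cert" n ".pem") }' "$tmp/all.pem"

  for f in "$tmp"/cert*.pem; do
    [ -e "$f" ] || continue
    if openssl x509 -in "$f" -noout -text | grep -q 'CA:TRUE'; then
      echo "CA key entry: $(openssl x509 -in "$f" -noout -subject)"
      found=0
    else
      echo "non-CA key entry: $(openssl x509 -in "$f" -noout -subject)"
    fi
  done

  rm -rf "$tmp"
  return "$found"
}

# Stand-alone use: P12_PASS=... sh check.sh /etc/elasticsearch/certs/http.p12
if [ "$#" -gt 0 ]; then
  p12_has_ca_key_entry "$1"
fi
```

A return value of 1 on the keystore from the question would match the condition stated in the error message: the file holds only a server key pair and no CA key pair.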
