ERROR: Unable to create an enrollment token. Elasticsearch node HTTP layer SSL configuration Keystore doesn't contain any PrivateKey entries where the associated certificate is a CA certificateociated certificate is a CA certificate

huzaifa224 · July 30, 2022, 6:23pm

I have installed the elasticsearch and configure the all certificated as mentioned in document but when i tried to generate a token it give the error. However i have already added the Keystore by using the command

'./bin/elasticsearch-keystore add xpack.security.http.ssl.keystore.secure_password'

elasticsearch is running fine but its just give the error while i tried to create a token using command

bin/elasticsearch-create-enrollment-token -s kibana

Here is the my elasticsearch.yml

path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
network.host: 0.0.0.0
http.port: 9200
discovery.seed_hosts: ["127.0.0.1", "[::1]"]
discovery.type: single-node

xpack.security.enrollment.enabled: true
xpack.license.self_generated.type: basic
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: /etc/elasticsearch/certs/http.p12
xpack.security.transport.ssl.enabled: false

Please let me know how can i fix this?

Yang_Wang · August 2, 2022, 12:29am

configure the all certificated as mentioned in document

Which document did you follow?

In general, if you choose to manually configure security (e.g. TLS), you can no longer use the security auto-configuration (including enrollment). It may be desirable to make the auto-configuration more flexible in the future so it can work on existing configuration. But for now, you will have to keep configuring manually once you started on that path.

huzaifa224 · August 2, 2022, 7:10am

Hi Yang,

I have follow these documents Set up basic security for the Elastic Stack | Elasticsearch Guide [8.3] | Elastic
Set up basic security for the Elastic Stack plus secured HTTPS traffic | Elasticsearch Guide [8.3] | Elastic.

I tried the configurations mentioned in above link and every start fine but when i tried to run token generate command bin/elasticsearch-create-enrollment-token -s kibana it give the error.

system · August 30, 2022, 7:10am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Unable to create an enrollment token for Kibana. "Elasticsearch node HTTP layer SSL configuration Keystore doesn't contain any PrivateKey entries where the associated certificate is a CA certificate" Elasticsearch elastic-stack-security	7	17775	April 8, 2022
Configured ELK Basic TLS Security Elasticsearch elastic-stack-security	3	290	July 27, 2022
Cannot generate enrollment token Elasticsearch elastic-stack-security	2	470	November 17, 2023
Cannot create an enrollment token to enrol a new elasticsearch node Elasticsearch elastic-stack-security	1	57	July 24, 2024
Import CA Cert as PrivateKeyEntry to HTTP Keystore - Solve Unable to create enrollment token Error Elasticsearch elastic-stack-security	4	9973	October 5, 2022

ERROR: Unable to create an enrollment token. Elasticsearch node HTTP layer SSL configuration Keystore doesn't contain any PrivateKey entries where the associated certificate is a CA certificateociated certificate is a CA certificate

Related Topics