Hi,
I'm trying to perform a remote reindex and the remote ES has been configured with SSL by someone else. I was able to get the abc.p12
cert of the remote ES, as well as the password that was auto-generated (an alpha-numeric string).
I'm not very familiar with the TLS/cert concept and I'm a bit confused as to what I should do.
I currently have the following configurations in my /etc/elasticsearch/elasticsearch.yml
.
reindex.remote.whitelist: ["x.x.x.x:9200"]
reindex.ssl.keystore.path: abc.p12
xpack.security.enabled: true
xpack.security.http.ssl.enabled: false
xpack.security.enrollment.enabled: true
xpack.security.transport.ssl:
enabled: true
verification_mode: certificate
keystore.path: certs/t.p12
truststore.path: certs/t.p12
I'm taking this page as reference.
I overwrote the xpack.security.transport.ssl.keystore.secure_password
and xpack.security.transport.ssl.truststore.secure_password
with the one I have for abc.p12
. However, I got the error message failed to load SSL configuration [xpack.security.transport.ssl] - cannot read configured [PKCS12] keystore (as a truststore) [/etc/elasticsearch/certs/t.p12] - this is usually caused by an incorrect password; (a keystore password was provided)
.
If I don't overwrite the 2 passwords, then I get another error instead: cannot read configured [PKCS12] keystore [/etc/elasticsearch/abc.p12] - this is usually caused by an incorrect password
t.p12
was used by the previous administrator to reindex from other remote ES. I'm not really sure if I need to provide my own t.p12
(or what it is for, actually).
What should I do?
Thank you.