Facing issue while configuring TLS

Elastic Stack Elasticsearch
1

Hi,
I'm, configuring Elasticsearch with TLS but facing error when I restart the Elasticsearch server
This is my Elasticsearch.yml configuration for security

xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate 
xpack.security.transport.ssl.client_authentication: required
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

This is the error I'm getting

[2022-03-15T12:32:23,041][ERROR][o.e.b.Bootstrap          ] [es-test-node-1] Exception
java.lang.IllegalArgumentException: a key must be provided to run as a server. the key should be configured using the [xpack.security.http.ssl.key] or [xpack.security.http.ssl.keystore.path] setting
	at org.elasticsearch.xpack.security.transport.netty4.SecurityNetty4HttpServerTransport.<init>(SecurityNetty4HttpServerTransport.java:61) ~[?:?]
	at org.elasticsearch.xpack.security.Security.lambda$getHttpTransports$27(Security.java:1489) ~[?:?]
	at org.elasticsearch.node.Node.newHttpTransport(Node.java:1589) ~[elasticsearch-7.17.0.jar:7.17.0]
	at org.elasticsearch.node.Node.<init>(Node.java:818) ~[elasticsearch-7.17.0.jar:7.17.0]
	at org.elasticsearch.node.Node.<init>(Node.java:309) ~[elasticsearch-7.17.0.jar:7.17.0]
	at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:234) ~[elasticsearch-7.17.0.jar:7.17.0]
	at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:234) ~[elasticsearch-7.17.0.jar:7.17.0]
	at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:434) [elasticsearch-7.17.0.jar:7.17.0]
	at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:166) [elasticsearch-7.17.0.jar:7.17.0]
	at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:157) [elasticsearch-7.17.0.jar:7.17.0]
	at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:77) [elasticsearch-7.17.0.jar:7.17.0]
	at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:112) [elasticsearch-cli-7.17.0.jar:7.17.0]
	at org.elasticsearch.cli.Command.main(Command.java:77) [elasticsearch-cli-7.17.0.jar:7.17.0]
	at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:122) [elasticsearch-7.17.0.jar:7.17.0]
	at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:80) [elasticsearch-7.17.0.jar:7.17.0]
[2022-03-15T12:32:23,048][ERROR][o.e.b.ElasticsearchUncaughtExceptionHandler] [es-test-node-1] uncaught exception in thread [main]
org.elasticsearch.bootstrap.StartupException: java.lang.IllegalArgumentException: a key must be provided to run as a server. the key should be configured using the [xpack.security.http.ssl.key] or [xpack.security.http.ssl.keystore.path] setting
	at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:170) ~[elasticsearch-7.17.0.jar:7.17.0]
	at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:157) ~[elasticsearch-7.17.0.jar:7.17.0]
	at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:77) ~[elasticsearch-7.17.0.jar:7.17.0]
	at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:112) ~[elasticsearch-cli-7.17.0.jar:7.17.0]
	at org.elasticsearch.cli.Command.main(Command.java:77) ~[elasticsearch-cli-7.17.0.jar:7.17.0]
	at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:122) ~[elasticsearch-7.17.0.jar:7.17.0]
	at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:80) ~[elasticsearch-7.17.0.jar:7.17.0]
Caused by: java.lang.IllegalArgumentException: a key must be provided to run as a server. the key should be configured using the [xpack.security.http.ssl.key] or [xpack.security.http.ssl.keystore.path] setting
	at org.elasticsearch.xpack.security.transport.netty4.SecurityNetty4HttpServerTransport.<init>(SecurityNetty4HttpServerTransport.java:61) ~[?:?]
	at org.elasticsearch.xpack.security.Security.lambda$getHttpTransports$27(Security.java:1489) ~[?:?]
	at org.elasticsearch.node.Node.newHttpTransport(Node.java:1589) ~[elasticsearch-7.17.0.jar:7.17.0]
	at org.elasticsearch.node.Node.<init>(Node.java:818) ~[elasticsearch-7.17.0.jar:7.17.0]
	at org.elasticsearch.node.Node.<init>(Node.java:309) ~[elasticsearch-7.17.0.jar:7.17.0]
	at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:234) ~[elasticsearch-7.17.0.jar:7.17.0]
	at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:234) ~[elasticsearch-7.17.0.jar:7.17.0]
	at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:434) ~[elasticsearch-7.17.0.jar:7.17.0]
	at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:166) ~[elasticsearch-7.17.0.jar:7.17.0]

Please help me in resolving this

2

Not expert on that field but I guess that the message is telling everything:

a key must be provided to run as a server. the key should be configured using the [xpack.security.http.ssl.key] or [xpack.security.http.ssl.keystore.path] setting

Also upgrade your version 7.17.0 is not the latest from 7.17 :wink:
Or better use 8.1 which is now secured by default.

3

Even after adding the xpack.security.http.ssl.key configuration, getting the same error.

4

Hi,
I was using the wrong configuration file this whole time, that's why this issue was coming. I have resolved it by using the correct configuration file.

5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.