Hello,
Version "7.8.0"
I use this command /usr/share/elasticsearch/bin/elasticsearch-certutil cert ca --pem --silent -in /var/tmp/instance.yml --out /var/tmp/certs.zip --pass $PASSWORD
I copy result in /etc/elasticsearch/conf.
did chmod 666 on all files.
Configure elasticsearch.yml with those files.
here is the part for security I also tried with relative path
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.key: /etc/elasticsearch/conf/elktdata-0.key
xpack.security.transport.ssl.certificate: /etc/elasticsearch/conf/elktdata-0.crt
xpack.security.transport.ssl.certificate_authorities: [ "/etc/elasticsearch/conf/ca.crt" ]
I open the crt in windows and it does not look corrupt.
here is the stack trace
"stacktrace": ["java.lang.IllegalStateException: failed to load plugin class [org.elasticsearch.xpack.core.XPackPlugin]",
"at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:614) ~[elasticsearch-7.2.1.jar:7.2.1]",
"at org.elasticsearch.plugins.PluginsService.loadBundle(PluginsService.java:556) ~[elasticsearch-7.2.1.jar:7.2.1]",
"at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:471) ~[elasticsearch-7.2.1.jar:7.2.1]",
"at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:163) ~[elasticsearch-7.2.1.jar:7.2.1]",
"at org.elasticsearch.node.Node.<init>(Node.java:307) ~[elasticsearch-7.2.1.jar:7.2.1]",
"at org.elasticsearch.node.Node.<init>(Node.java:251) ~[elasticsearch-7.2.1.jar:7.2.1]",
"at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:221) ~[elasticsearch-7.2.1.jar:7.2.1]",
"at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:221) ~[elasticsearch-7.2.1.jar:7.2.1]",
"at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:349) [elasticsearch-7.2.1.jar:7.2.1]",
"at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) [elasticsearch-7.2.1.jar:7.2.1]",
"at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:150) [elasticsearch-7.2.1.jar:7.2.1]",
"at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) [elasticsearch-7.2.1.jar:7.2.1]",
"at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124) [elasticsearch-cli-7.2.1.jar:7.2.1]",
"at org.elasticsearch.cli.Command.main(Command.java:90) [elasticsearch-cli-7.2.1.jar:7.2.1]",
"at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:115) [elasticsearch-7.2.1.jar:7.2.1]",
"at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92) [elasticsearch-7.2.1.jar:7.2.1]",
"Caused by: java.lang.reflect.InvocationTargetException",
"at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]",
"at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]",
"at jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]",
"at java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500) ~[?:?]",
"at java.lang.reflect.Constructor.newInstance(Constructor.java:481) ~[?:?]",
"at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:605) ~[elasticsearch-7.2.1.jar:7.2.1]",
"... 15 more",
"Caused by: java.lang.IllegalStateException: Error parsing Private Key from: /etc/elasticsearch/conf/elktdata-0.key",
"at org.elasticsearch.xpack.core.ssl.PemUtils.readPrivateKey(PemUtils.java:107) ~[?:?]",
"at org.elasticsearch.xpack.core.ssl.PEMKeyConfig.readPrivateKey(PEMKeyConfig.java:97) ~[?:?]",
"at org.elasticsearch.xpack.core.ssl.PEMKeyConfig.createKeyManager(PEMKeyConfig.java:58) ~[?:?]",
"at org.elasticsearch.xpack.core.ssl.SSLService.createSslContext(SSLService.java:383) ~[?:?]",
"at java.util.HashMap.computeIfAbsent(HashMap.java:1133) ~[?:?]",
"at org.elasticsearch.xpack.core.ssl.SSLService.loadSSLConfigurations(SSLService.java:434) ~[?:?]",
"at org.elasticsearch.xpack.core.ssl.SSLService.<init>(SSLService.java:119) ~[?:?]",
"at org.elasticsearch.xpack.core.XPackPlugin.<init>(XPackPlugin.java:143) ~[?:?]",
"at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]",
"at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]",
"at jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]",
"at java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500) ~[?:?]",
"at java.lang.reflect.Constructor.newInstance(Constructor.java:481) ~[?:?]",
"at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:605) ~[elasticsearch-7.2.1.jar:7.2.1]",
"... 15 more",
"Caused by: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.",
"at com.sun.crypto.provider.CipherCore.unpad(CipherCore.java:975) ~[?:?]",
"at com.sun.crypto.provider.CipherCore.fillOutputBuffer(CipherCore.java:1056) ~[?:?]",
"at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:853) ~[?:?]",
"at com.sun.crypto.provider.DESedeCipher.engineDoFinal(DESedeCipher.java:294) ~[?:?]",
"at javax.crypto.Cipher.doFinal(Cipher.java:2208) ~[?:?]",
"at org.elasticsearch.xpack.core.ssl.PemUtils.possiblyDecryptPKCS1Key(PemUtils.java:366) ~[?:?]",
"at org.elasticsearch.xpack.core.ssl.PemUtils.parsePKCS1Rsa(PemUtils.java:257) ~[?:?]",
"at org.elasticsearch.xpack.core.ssl.PemUtils.readPrivateKey(PemUtils.java:93) ~[?:?]",
"at org.elasticsearch.xpack.core.ssl.PEMKeyConfig.readPrivateKey(PEMKeyConfig.java:97) ~[?:?]",
"at org.elasticsearch.xpack.core.ssl.PEMKeyConfig.createKeyManager(PEMKeyConfig.java:58) ~[?:?]",
"at org.elasticsearch.xpack.core.ssl.SSLService.createSslContext(SSLService.java:383) ~[?:?]",
"at java.util.HashMap.computeIfAbsent(HashMap.java:1133) ~[?:?]",
"at org.elasticsearch.xpack.core.ssl.SSLService.loadSSLConfigurations(SSLService.java:434) ~[?:?]",
"at org.elasticsearch.xpack.core.ssl.SSLService.<init>(SSLService.java:119) ~[?:?]",
"at org.elasticsearch.xpack.core.XPackPlugin.<init>(XPackPlugin.java:143) ~[?:?]",
"at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]",
"at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]",
"at jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]",
"at java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500) ~[?:?]",
"at java.lang.reflect.Constructor.newInstance(Constructor.java:481) ~[?:?]",
"at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:605) ~[elasticsearch-7.2.1.jar:7.2.1]",
"... 15 more"] }
When I run
/usr/share/elasticsearch/bin/elasticsearch-plugin list
repository-azure