Failed to load SSL configuration [xpack.security.transport.ssl] - cannot read configured [PKCS12]

Jerry-yz · February 8, 2024, 9:29am

wehn i run es with docker; my docker run cmd is:
docker run -itd -p 9200:9200 -m 2GB --privileged=true -v $PWD/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml -v $PWD/data:/usr/share/elasticsearch/data -v $PWD/logs:/usr/share/elasticsearch/logs docker.elastic.co/elasticsearch/elasticsearch:8.11.1
but i got error:
"log.level":"ERROR", "message":"fatal exception while booting Elasticsearch", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.bootstrap.Elasticsearch","elasticsearch.node.name":"462e8444db1c","elasticsearch.cluster.name":"docker-cluster","error.type":"org.elasticsearch.ElasticsearchSecurityException","error.message":"failed to load SSL configuration [xpack.security.transport.ssl] - cannot read configured [PKCS12] keystore (as a truststore) [/usr/share/elasticsearch/config/certs/transport.p12] because the file does not exist","error.stack_trace":"org.elasticsearch.ElasticsearchSecurityException: failed to load SSL configuration [xpack.security.transport.ssl] - cannot read configured [PKCS12] keystore (as a truststore) [/usr/share/elasticsearch/config/certs/transport.p12] because the file does not exist\n\tat org.elasticsearch.xcore@8.11.1/org.elasticsearch.xpack.core.ssl.SSLService.lambda$loadSslConfigurations$11(SSLService.java:620)\n\tat java.base/java.util.HashMap.forEach(HashMap.java:1429)\n\tat java.base/java.util.Collections$UnmodifiableMap.forEach(Collections.java:1707)\n\tat org.elasticsearch.xcore@8.11.1/org.elasticsearch.xpack.core.ssl.SSLService.loadSslConfigurations(SSLService.java:616)\n\tat org.elasticsearch.xcore@8.11.1/org.elasticsearch.xpack.core.ssl.SSLService.(SSLService.java:160)\n\tat org.elasticsearch.xcore@8.11.1/org.elasticsearch.xpack.core.XPackPlugin.createSSLService(XPackPlugin.java:502)\n\tat org.elasticsearch.xcore@8.11.1/org.elasticsearch.xpack.core.XPackPlugin.createComponents(XPackPlugin.java:342)\n\tat org.elasticsearch.server@8.11.1/org.elasticsearch.node.Node.lambda$new$17(Node.java:759)\n\tat org.elasticsearch.server@8.11.1/org.elasticsearch.plugins.PluginsService.lambda$flatMap$1(PluginsService.java:263)\n\tat java.base/java.util.stream.ReferencePipeline$7$1.accept(ReferencePipeline.java:273)\n\tat java.base/java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:197)\n\tat java.base/java.util.AbstractList$RandomAccessSpliterator.forEachRemaining(AbstractList.java:722)\n\tat java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:509)\n\tat java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499)\n\tat java.base/java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:575)\n\tat java.base/java.util.stream.AbstractPipeline.evaluateToArrayNode(AbstractPipeline.java:260)\n\tat java.base/java.util.stream.ReferencePipeline.toArray(ReferencePipeline.java:616)\n\tat java.base/java.util.stream.ReferencePipeline.toArray(ReferencePipeline.java:622)\n\tat java.base/java.util.stream.ReferencePipeline.toList(ReferencePipeline.java:627)\n\tat org.elasticsearch.server@8.11.1/org.elasticsearch.node.Node.(Node.java:775)\n\tat org.elasticsearch.server@8.11.1/org.elasticsearch.node.Node.(Node.java:344)\n\tat org.elasticsearch.server@8.11.1/org.elasticsearch.bootstrap.Elasticsearch$2.(Elasticsearch.java:236)\n\tat org.elasticsearch.server@8.11.1/org.elasticsearch.bootstrap.Elasticsearch.initPhase3(Elasticsearch.java:236)\n\tat org.elasticsearch.server@8.11.1/org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:73)\nCaused by: org.elasticsearch.common.ssl.SslConfigException: cannot read configured [PKCS12] keystore (as a truststore) [/usr/share/elasticsearch/config/certs/transport.p12] because the file does not exist\n\tat org.elasticsearch.sslconfig@8.11.1/org.elasticsearch.common.ssl.SslFileUtil.fileNotFound(SslFileUtil.java:66)\n\tat org.elasticsearch.sslconfig@8.11.1/org.elasticsearch.common.ssl.SslFileUtil.ioException(SslFileUtil.java:37)\n\tat org.elasticsearch.sslconfig@8.11.1/org.elasticsearch.common.ssl.StoreTrustConfig.readKeyStore(StoreTrustConfig.java:98)\n\tat org.elasticsearch.sslconfig@8.11.1/org.elasticsearch.common.ssl.StoreTrustConfig.createTrustManager(StoreTrustConfig.java:82)\n\tat org.elasticsearch.xcore@8.11.1/org.elasticsearch.xpack.core.ssl.SSLService.createSslContext(SSLService.java:479)\n\tat java.base/java.util.HashMap.computeIfAbsent(HashMap.java:1228)\n\tat org.elasticsearch.xcore@8.11.1/org.elasticsearch.xpack.core.ssl.SSLService.lambda$loadSslConfigurations$11(SSLService.java:618)\n\t... 23 more\nCaused by: java.nio.file.NoSuchFileException: /usr/share/elasticsearch/config/certs/transport.p12\n\tat java.base/sun.nio.fs.UnixException.translateToIOException(UnixException.java:92)\n\tat java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:106)\n\tat java.base/sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:111)\n\tat java.base/sun.nio.fs.UnixFileSystemProvider.newByteChannel(UnixFileSystemProvider.java:261)\n\tat java.base/java.nio.file.Files.newByteChannel(Files.java:379)\n\tat java.base/java.nio.file.Files.newByteChannel(Files.java:431)\n\tat java.base/java.nio.file.spi.FileSystemProvider.newInputStream(FileSystemProvider.java:420)\n\tat java.base/java.nio.file.Files.newInputStream(Files.java:159)\n\tat org.elasticsearch.sslconfig@8.11.1/org.elasticsearch.common.ssl.KeyStoreUtil.readKeyStore(KeyStoreUtil.java:71)\n\tat org.elasticsearch.sslconfig@8.11.1/org.elasticsearch.common.ssl.StoreTrustConfig.readKeyStore(StoreTrustConfig.java:94)\n\t... 27 more\n"}

TimV · February 12, 2024, 2:27am

The error message is telling you what the problem is - have you checked the file?

Jerry-yz · February 18, 2024, 3:22am

i check this file, not exists; but when i run es not use mount config file, it can work for me

TimV · February 20, 2024, 1:54am

I don't understand.

The error is telling you that the file doesn't exist.
You agree that the file does not exist.

What is the problem we're trying to solve?
If your elasticsearch.yml configuration is referencing a PKCS#12 file that does not exist, then you cannnot start the node.

system · March 19, 2024, 1:54am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.