Failing to start Enterprise Search Once Adding ent_search.ssl Configs in enterprise-search.yml

Hello Guys,
I am trying to set HTTPS in my Free Enterprise Search (Installed using .rpm in RedHat7)

(By the way I have setup Elasticsearch it is running fine using HTTPS in the same server)

Here is my enterprise-search.yml configs:

ent_search.ssl.enabled: true
ent_search.ssl.keystore.path: "certs/clientkeystore"
ent_search.ssl.keystore.password: "XXX"
ent_search.ssl.keystore.key_password: "XXX"

My end goal is to use App Search (i.e. that has to be accessed via port 3002 using HTTPS)

I can start enterprise-search using: systemctl start enterprise-search
when I comment these ent_search.ssl configs

Please note, I created my store key using below command:
keytool -keystore clientkeystore -genkey -alias client

And stored the keystore in:
/usr/share/enterprise-search/config/certs
I have chown to enterprise-search

No logs in the log file
/var/log/enterprise-search/app-server.log

Hi Dustan -

Can you provide the version and the exact error output you receive when you try and start Enterprise Search?

Also, have you tried using the absolute path to the keystore? i.e.:

ent_search.ssl.keystore.path: "/usr/share/enterprise-search/config/certs/clientkeystore"

Hello @Mark_Hoy

Version number is 7.9.2 installed using this: enterprise-search-7.9.2.rpm file downloaded from Elasticsearch website

No error when starting, unfortunately there is no logs written here too
/var/log/enterprise-search/app-server.log

I have not tried using the absolute path,
let me try it right now

I have tried using the absolute path, still, enterprise-search is not starting

Hey Dustan,

I'm surprised you're not seeing any log output. Are you able to start Enterprise Search without ssl? I'm wondering if the problem isn't related to ssl. I'd also recommend testing with 7.10, which was recently released.

Hello @ross.bell,

Yes, I am able to start Enterprise Search without ssl,

Currently, I can see logs, but 'Enterprise Search' keeps on "Starting HTTP server" after every few minutes,

Some of the logs:

#########################################################

Success! Elastic Enterprise Search is starting successfully.

In a few moments, you'll be able to login at the following address:

* URL: https://MyServerIP:3002
  * If this is your first time starting Enterprise Search, check the console output above for your user authentication credentials.
  * Visit the documentation: https://www.elastic.co/guide/en/enterprise-search

Secret session key has been generated.

Set the key in your config file to persist user sessions through process restarts:

secret_session_key: 8e9968c0d4cc6ecbc45dc20d587b88d0f6daa72485079d028848831810f5dd4496600687eaad516025811e1cead88ab2e44d37f2aea7c49a8e24a19911f87e1f


#########################################################

[2020-11-14T09:03:36.867+00:00][110101][2002][app-server][INFO]: Successfully connected to Elasticsearch

when trying to curl the endpoint this is the response:
error: ConnectionError: ('Connection aborted.', error(111, 'Connection refused')) while doing GET request to URL: https://MyServerIP:3002/

These are SSL configs in my /usr/share/enterprise-search/config/enterprise-search.yml file

ent_search.ssl.enabled: true
ent_search.ssl.keystore.path: /usr/share/enterprise-search/config/certs/myCertificate.cer

Note, I am using the same certificate in Elasticsearch and it's running fine in HTTPS

By the way, what value should I put in this: ent_search.listen_host:
I have tried both 127.0.0.1 and MyServerIP with no luck.

Hey Dustan,

What if you try setting log_level: debug in the yml config? I'm hoping it can give us anything else to help debug where the failure is happening.

Okay, @ross.bell I will try this today