Fatal exception while booting Elasticsearchorg.elasticsearch.ElasticsearchSecurityException: failed to load SSL configuration [xpack.security.transport.ssl] - cannot read configured [PKCS12] keystore

[2023-12-15T12:36:37,084][ERROR][o.e.b.Elasticsearch      ] [LAPTOP-ECGDD83N] fatal exception while booting Elasticsearchorg.elasticsearch.ElasticsearchSecurityException: failed to load SSL configuration [xpack.security.transport.ssl] - cannot read configured [PKCS12] keystore [D:\Internship_task\elasticsearch\elasticsearch-8.9.0\config\elastic-certificates.p12] - this is usually caused by an incorrect password
        at org.elasticsearch.xcore@8.9.0/org.elasticsearch.xpack.core.ssl.SSLService.lambda$loadSslConfigurations$11(SSLService.java:617)
        at java.base/java.util.HashMap.forEach(HashMap.java:1429)
        at java.base/java.util.Collections$UnmodifiableMap.forEach(Collections.java:1553)
        at org.elasticsearch.xcore@8.9.0/org.elasticsearch.xpack.core.ssl.SSLService.loadSslConfigurations(SSLService.java:613)
        at org.elasticsearch.xcore@8.9.0/org.elasticsearch.xpack.core.ssl.SSLService.<init>(SSLService.java:159)

See logs for more details.

ERROR: Elasticsearch did not exit normally - check the logs at D:\Internship_task\elasticsearch\elasticsearch-8.9.0\logs\rivan.log

ERROR: Elasticsearch exited unexpectedly

Did you read the error message?

failed to load SSL configuration [xpack.security.transport.ssl] - cannot read configured [PKCS12] keystore [D:\Internship_task\elasticsearch\elasticsearch-8.9.0\config\elastic-certificates.p12] - this is usually caused by an incorrect password

BTW use 8.11. It's more recent and contains a lot of bug fixes.

Could you please explain me

this is my , elasticsearch.yml

xpack.security.enabled: true

xpack.security.enrollment.enabled: true

xpack.security.http.ssl:
  enabled: true
  verification_mode: certificate
  keystore.type: PKCS12
  keystore.path: elastic-certificates.p12
  truststore.path: elastic-certificates.p12
 
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  client_authentication: required
  keystore.type: PKCS12
  keystore.path: elastic-certificates.p12
  
  truststore.type: PKCS12
  truststore.path: elastic-certificates.p12

Did you set xpack.security.ssl.keystore.secure_password?

It's a secured setting.

If you did not, please read the complete guide at: Set up basic security for the Elastic Stack plus secured HTTPS traffic | Elasticsearch Guide [8.11] | Elastic

Yes, I have done that as well and could able to see the password and given the permissions as well.

D:\Internship_task\elasticsearch\elasticsearch-8.9.0\bin>elasticsearch-keystore list
keystore.seed
xpack.security.http.ssl.keystore.secure_password
xpack.security.http.ssl.truststore.secure_password
xpack.security.transport.ssl.keystore.secure_password
xpack.security.transport.ssl.truststore.secure_password
D:\Internship_task\elasticsearch\elasticsearch-8.9.0\bin>elasticsearch-keystore show xpack.security.http.ssl.keystore.secure_password
D:\Internship_task\elasticsearch\elasticsearch-8.9.0\bin>keytool -list -keystore "D:\Internship_task\elasticsearch\elasticsearch-8.9.0\config\elastic-certificates.p12"
Enter keystore password:
Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 2 entries

D:\Internship_task\elasticsearch\elasticsearch-8.9.0\config\elastic-certificates.p12 NT AUTHORITY\Authenticated Users:(F)
                                                                                     BUILTIN\Administrators:(I)(F)
                                                                                     NT AUTHORITY\SYSTEM:(I)(F)
                                                                                     NT AUTHORITY\Authenticated Users:(I)(M)
                                                                                     BUILTIN\Users:(I)(RX)

Successfully processed 1 files; Failed processing 0 files

Please don't format ALL the text with code format, but just the code part.

I'm editing your post.

I'm afraid I don't have enough knowledge on this topic to assist here. May be someone else will be able to answer.

My advice for now:

  • Try to do the same thing using the latest 8.11 version
  • Follow the guide step by step
  • If anything goes wrong with one of the steps, please report it here

I did not check the list of bugs fixed since 8.9.0 but may be there's something related?

Sorry for making you trouble and will follow the above suggestion that you mentioned.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.