Fscrawler refuses connection over https

ehsan_kabiri_33 · December 13, 2021, 4:18pm

I've studied this page and really do not not how to make and use .cer certificate, so can't launch fscrawler over secured connection.

I created a certificate like this:

sudo ./elasticsearch-certutil ca -out /etc/elasticsearch/elastic-stack-ca.p12 -pass "myPassword"

sudo ./elasticsearch-certutil cert --ca  /etc/elasticsearch/elastic-stack-ca.p12 -out /etc/elasticsearch/elastic-certificates.p12 -pass "myPassword2"

and this is my elasticsearch.yml:

xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
xpack.security.transport.ssl.keystore.password: "myPassword2"
xpack.security.transport.ssl.truststore.password: "myPassword2"


xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: elastic-certificates.p12
xpack.security.http.ssl.truststore.path: elastic-certificates.p12
xpack.security.http.ssl.keystore.password: "myPassword2"
xpack.security.http.ssl.truststore.password: "myPassword2"

I have not used .cer to secure my elastic and kibana.
So I need to know some more detail.

This is resumes/_settings.yaml

elasticsearch:
  username: "elastic"
  password: "pass"
  nodes:
  - url: "https://192.168.225.135:2022"
  - url: "https://192.168.225.136:2022"
  byte_size: "10mb"
  ssl_verification: true

This is part of log file on fscrawler start

failed to create elasticsearch client on Elasticsearch{nodes=[https://192.168.225.135:2022, https://192.168.225.136:2022], index='resumes', indexFolder='resumes_folder', bulkSize=100, flushInterval=5s, byteSize=10mb, username='elastic', pipeline='null', pathPrefix='null', sslVerification='true'}, disabling crawler...
We can not start Elasticsearch Client. Exiting.org.elasticsearch.ElasticsearchException: java.util.concurrent.ExecutionException: java.net.ConnectException: Connection refused

I created .der like this

sudo openssl pkcs12 -in /etc/elasticsearch/elastic-certificates.p12  -out /etc/elasticsearch/ca.der
keytool -import -alias myalias -keystore "/usr/lib/jvm/java-11-openjdk-amd64/lib/security/cacerts" -file /etc/elasticsearch/ca.der

but results in

keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect

system · January 10, 2022, 4:19pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.