I've studied this page and really do not not how to make and use .cer
certificate, so can't launch fscrawler over secured connection.
I created a certificate like this:
sudo ./elasticsearch-certutil ca -out /etc/elasticsearch/elastic-stack-ca.p12 -pass "myPassword"
sudo ./elasticsearch-certutil cert --ca /etc/elasticsearch/elastic-stack-ca.p12 -out /etc/elasticsearch/elastic-certificates.p12 -pass "myPassword2"
and this is my elasticsearch.yml
:
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
xpack.security.transport.ssl.keystore.password: "myPassword2"
xpack.security.transport.ssl.truststore.password: "myPassword2"
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: elastic-certificates.p12
xpack.security.http.ssl.truststore.path: elastic-certificates.p12
xpack.security.http.ssl.keystore.password: "myPassword2"
xpack.security.http.ssl.truststore.password: "myPassword2"
I have not used .cer
to secure my elastic and kibana.
So I need to know some more detail.
This is resumes/_settings.yaml
elasticsearch:
username: "elastic"
password: "pass"
nodes:
- url: "https://192.168.225.135:2022"
- url: "https://192.168.225.136:2022"
byte_size: "10mb"
ssl_verification: true
This is part of log file on fscrawler start
failed to create elasticsearch client on Elasticsearch{nodes=[https://192.168.225.135:2022, https://192.168.225.136:2022], index='resumes', indexFolder='resumes_folder', bulkSize=100, flushInterval=5s, byteSize=10mb, username='elastic', pipeline='null', pathPrefix='null', sslVerification='true'}, disabling crawler...
We can not start Elasticsearch Client. Exiting.org.elasticsearch.ElasticsearchException: java.util.concurrent.ExecutionException: java.net.ConnectException: Connection refused
I created .der
like this
sudo openssl pkcs12 -in /etc/elasticsearch/elastic-certificates.p12 -out /etc/elasticsearch/ca.der
keytool -import -alias myalias -keystore "/usr/lib/jvm/java-11-openjdk-amd64/lib/security/cacerts" -file /etc/elasticsearch/ca.der
but results in
keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect