I want to install a Fleet Server and require a TLS certificate. I followed the documentation at the link "Set up basic security for the Elastic Stack plus secured HTTPS traffic | Elasticsearch Guide [8.16] | Elastic".
This is my Elasticsearch config in elasticsearch.yml:
# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
# Before you set out to tweak and tune the configuration, make sure you
# understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
cluster.name: cluster01
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
node.name: node01
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /var/lib/elasticsearch
#
# Path to log files:
#
path.logs: /var/log/elasticsearch
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# By default Elasticsearch is only accessible on localhost. Set a different
# address here to expose this node on the network:
#
network.host: localhost
#
# By default Elasticsearch listens for HTTP traffic on the first free port it
# finds starting at 9200. Set a specific HTTP port here:
#
http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
#discovery.seed_hosts: ["host1", "host2"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
#cluster.initial_master_nodes: ["node-1", "node-2"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
#action.destructive_requires_name: true
#
# ---------------------------------- Security ----------------------------------
#
# *** WARNING ***
#
# Elasticsearch security features are not enabled by default.
# These features are free, but require configuration changes to enable them.
# This means that users don't have to provide credentials and can get full access
# to the cluster. Network connections are also not encrypted.
#
# To protect your data, we strongly encourage you to enable the Elasticsearch security features.
# Refer to the following documentation for instructions.
#
# https://www.elastic.co/guide/en/elasticsearch/reference/7.16/configuring-stack-security.html
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: elasticsearch/http.p12
## Config SSL
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.client_authentication: required
xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/elastic-certificates.p12
xpack.security.transport.ssl.keystore.secure_password: ******
xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/elastic-certificates.p12
xpack.security.transport.ssl.truststore.secure_password: ******
I assigned permissions to elastic-certificates.p12:
root@t2:/usr/share/elasticsearch# ls -la
total 688
drwxr-xr-x 8 root root 4096 Nov 20 07:29 .
drwxr-xr-x 130 root root 4096 Nov 19 08:53 ..
drwxr-xr-x 2 root root 4096 Nov 19 08:51 bin
-rw------- 1 root root 2468 Nov 20 07:29 csr-bundle.zip
-rw------- 1 root root 3596 Nov 19 09:44 elastic-certificates.p12
-rw------- 1 root root 10896 Nov 19 09:37 elasticsearch-ssl-http.zip
-rw------- 1 root root 2672 Nov 19 09:44 elastic-stack-ca.p12
drwxr-xr-x 8 root root 4096 Nov 19 08:51 jdk
drwxr-xr-x 2 root root 4096 Nov 20 07:29 kibana-server
drwxr-xr-x 3 root root 4096 Nov 19 08:51 lib
drwxr-xr-x 62 root root 4096 Nov 19 08:50 modules
-rw-r--r-- 1 root root 640930 Oct 16 22:07 NOTICE.txt
drwxr-xr-x 2 root root 4096 Oct 16 22:11 plugins
-rw-r--r-- 1 root root 2710 Oct 16 22:05 README.asciidoc
Then I restarted the Elasticsearch service and got this error:
[elasticsearch-7.17.25.jar:7.17.25]
Caused by: java.lang.IllegalArgumentException: unknown secure setting [elastic-certificates.p12] please check that any required plugins are installed, or check the breaking changes documentation for removed settings
at org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:561) ~[elasticsearch-7.17.25.jar:7.17.25]
at org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:507) ~[elasticsearch-7.17.25.jar:7.17.25]
at org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:477) ~[elasticsearch-7.17.25.jar:7.17.25]
at org.elasticsearch.common.settings.AbstractScopedSettings.validate(AbstractScopedSettings.java:447) ~[elasticsearch-7.17.25.jar:7.17.25]
at org.elasticsearch.common.settings.SettingsModule.<init>(SettingsModule.java:137) ~[elasticsearch-7.17.25.jar:7.17.25]
at org.elasticsearch.node.Node.<init>(Node.java:502) ~[elasticsearch-7.17.25.jar:7.17.25]
at org.elasticsearch.node.Node.<init>(Node.java:309) ~[elasticsearch-7.17.25.jar:7.17.25]
at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:234) ~[elasticsearch-7.17.25.jar:7.17.25]
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:234) ~[elasticsearch-7.17.25.jar:7.17.25]
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:434) ~[elasticsearch-7.17.25.jar:7.17.25]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:169) ~[elasticsearch-7.17.25.jar:7.17.25]
Looking forward to the support of the technical team
Sincerely and thanks!
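
Added example, not part of the original post: Elasticsearch reads `secure_*` settings from its keystore rather than from elasticsearch.yml, and it uses the `unknown secure setting [...]` wording for a keystore entry whose name is not a recognized setting. The script below checks for both conditions. The function names, the temporary file names and the sample inputs are assumptions constructed for illustration; the keystore listing stands in for saved output of `elasticsearch-keystore list`.

```shell
#!/bin/sh
# Added example (not from the original post). All sample inputs are constructed.

# List secure_* settings that are set in an elasticsearch.yml (comments skipped).
# Secure settings are read from the Elasticsearch keystore, so every hit is a
# value that belongs in `elasticsearch-keystore add <setting>` instead.
yml_secure_settings() {
    grep -E '^[[:space:]]*[A-Za-z0-9_.]+\.secure_[A-Za-z0-9_]+[[:space:]]*:' "$1" |
        sed -E 's/^[[:space:]]*([^:[:space:]]+)[[:space:]]*:.*$/\1/'
}

# From saved `elasticsearch-keystore list` output, print entries whose name
# looks like a certificate file rather than a setting key (heuristic only).
file_like_keystore_entries() {
    grep -E '\.(p12|pfx|jks|pem|crt)$' "$1" || true
}

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
SAMPLE_YML="$WORK/elasticsearch.yml"      # hypothetical path
SAMPLE_LIST="$WORK/keystore-list.txt"     # hypothetical path

# Constructed sample modelled on the security section of the posted config.
cat > "$SAMPLE_YML" <<'EOF'
# xpack.security.http.ssl.keystore.secure_password: commented out, ignored
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/elastic-certificates.p12
xpack.security.transport.ssl.keystore.secure_password: ******
xpack.security.transport.ssl.truststore.secure_password: ******
EOF

# Constructed sample of `elasticsearch-keystore list` output.
cat > "$SAMPLE_LIST" <<'EOF'
keystore.seed
elastic-certificates.p12
xpack.security.http.ssl.keystore.secure_password
EOF

echo "secure settings found in the YAML file (move them to the keystore):"
yml_secure_settings "$SAMPLE_YML"
echo "keystore entries that look like file names (review or remove them):"
file_like_keystore_entries "$SAMPLE_LIST"
```
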