P12 certificate is protected by password

rijinmp · November 20, 2018, 5:58pm

My COnf:
xpack.security.enabled: true
xpack.ssl.keystore.path: /etc/elasticsearch/certs/xyz.p12
xpack.ssl.keystore.type: PKCS12
xpack.ssl.keystore.password: 1b7f669
xpack.ssl.truststore.path: /etc/elasticsearch/certs/xyz.p12
xpack.ssl.truststore.type: PKCS12

xz.p12 and the decryption password 1b7f669 is provided by company.

Error log:

Caused by: java.io.IOException: keystore password was incorrect
at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2059) ~[?:?]
at java.security.KeyStore.load(KeyStore.java:1445) ~[?:1.8.0_181]
at org.elasticsearch.xpack.core.ssl.CertParsingUtils.readKeyStore(CertParsingUtils.java:71) ~[?:?]
at org.elasticsearch.xpack.core.ssl.CertParsingUtils.trustManager(CertParsingUtils.java:267) ~[?:?]
at org.elasticsearch.xpack.core.ssl.StoreTrustConfig.createTrustManager(StoreTrustConfig.java:58) ~[?:?]
at org.elasticsearch.xpack.core.ssl.SSLService.createSslContext(SSLService.java:355) ~[?:?]
at org.elasticsearch.xpack.core.ssl.SSLService.loadSSLConfigurations(SSLService.java:388) ~[?:?]
at org.elasticsearch.xpack.core.ssl.SSLService.(SSLService.java:92) ~[?:?]
at org.elasticsearch.xpack.core.XPackPlugin.(XPackPlugin.java:130) ~[?:?]
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
at java.lang.reflect.Constructor.newInstance(Constructor.java:423) ~[?:1.8.0_181]
at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:598) ~[elasticsearch-6.4.2.jar:6.4.2]
at org.elasticsearch.plugins.PluginsService.loadBundle(PluginsService.java:549) ~[elasticsearch-6.4.2.jar:6.4.2]
at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:464) ~[elasticsearch-6.4.2.jar:6.4.2]
at org.elasticsearch.plugins.PluginsService.(PluginsService.java:156) ~[elasticsearch-6.4.2.jar:6.4.2]
at org.elasticsearch.node.Node.(Node.java:315) ~[elasticsearch-6.4.2.jar:6.4.2]
at org.elasticsearch.node.Node.(Node.java:256) ~[elasticsearch-6.4.2.jar:6.4.2]
at org.elasticsearch.bootstrap.Bootstrap$5.(Bootstrap.java:213) ~[elasticsearch-6.4.2.jar:6.4.2]
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:213) ~[elasticsearch-6.4.2.jar:6.4.2]
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:326) ~[elasticsearch-6.4.2.jar:6.4.2]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:136) ~[elasticsearch-6.4.2.jar:6.4.2]
... 6 more
Caused by: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.

Topic		Replies	Views
How configure .p12 certificate in Elasticsearch TLS/SSL? Elasticsearch elastic-stack-security	4	4839	November 26, 2018
Can't start ES 7.3.0 with x-pack security enabled Elasticsearch elastic-stack-security	7	3348	September 17, 2019
TLS/SSL enabled cluster , SSL is working TSL not working with p12 cert password protected Elasticsearch elastic-stack-security	22	5738	December 30, 2018
.p12 certificate don't have Certificate Authority Elasticsearch elastic-stack-security	3	570	December 1, 2018
Elastic Search SSL installation issue Elasticsearch elastic-stack-security	17	2871	September 11, 2019

P12 certificate is protected by password

Related topics