I want to use winbeat with SIEM, so I configured Elasticsearch 7.8 with TLS/SSL.
I created the cert files following these instructions:
https://www.elastic.co/guide/en/elasticsearch/reference/7.7/configuring-tls.html#configuring-tls
All cert files have a blank password.
Cert file creation should not be the problem, because I previously created a 3-node Elasticsearch cluster successfully with these same commands, and it works fine. When I used the same commands with Ansible to create a new Elasticsearch cluster, I got the following errors.
My config file:
[root@elk1 elasticsearch]# pwd
/etc/elasticsearch
[root@elk1 elasticsearch]# ls -lha
合計 68K
drwxr-s---. 3 root elasticsearch 4.0K 6月 26 19:54 .
drwxr-xr-x. 82 root root 8.0K 6月 26 14:50 ..
-rw-r--r--. 1 root elasticsearch 76 6月 26 14:50 .elasticsearch.keystore.initial_md5sum
-rw-rw----. 1 root elasticsearch 3.4K 6月 26 14:50 elastic-certificates.p12
-rw-rw----. 1 root elasticsearch 253 6月 26 14:56 elasticsearch.keystore
-rw-rw----. 1 root elasticsearch 1.3K 6月 26 19:54 elasticsearch.yml
-rw-rw----. 1 root elasticsearch 3.4K 6月 26 15:46 http.p12
-rw-rw----. 1 root elasticsearch 2.0K 6月 26 14:50 jvm.options
drwxr-s---. 2 root elasticsearch 6 6月 15 04:43 jvm.options.d
-rw-rw----. 1 root elasticsearch 18K 6月 15 04:40 log4j2.properties
-rw-rw----. 1 root elasticsearch 473 6月 15 04:40 role_mapping.yml
-rw-rw----. 1 root elasticsearch 197 6月 15 04:40 roles.yml
-rw-rw----. 1 root elasticsearch 0 6月 15 04:40 users
-rw-rw----. 1 root elasticsearch 0 6月 15 04:40 users_roles
[root@elk1 elasticsearch]# cat elasticsearch.yml
#################################### Essential ####################################
#cluster name
cluster.name: es1
#node name
node.name: elk1
#bind to all interfaces (0.0.0.0), not only loopback
network.host: 0.0.0.0
discovery.seed_hosts: ["elk1","elk2","elk3"]
cluster.initial_master_nodes: ["elk1","elk2","elk3"]
discovery.zen.minimum_master_nodes: 2
#################################### Paths ####################################
# Paths to the data and log directories:
path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch
#action.destructive_requires_name: true
xpack.security.enabled: true
# This turns on SSL for the HTTP (Rest) interface
xpack.security.http.ssl.enabled: true
# This configures the keystore to use for SSL on HTTP
xpack.security.http.ssl.keystore.path: "http.p12"
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: "/etc/elasticsearch/elastic-certificates.p12"
xpack.security.transport.ssl.truststore.path: "/etc/elasticsearch/elastic-certificates.p12"
Errors:
[2020-06-26T19:54:28,718][INFO ][o.e.n.Node ] [elk1] node name [elk1], node ID [w7ZoWNmvSGuuKCCAku5FKA], cluster name [es1]
[2020-06-26T19:54:35,019][ERROR][o.e.b.Bootstrap ] [elk1] Exception
org.elasticsearch.ElasticsearchSecurityException: failed to load SSL configuration [xpack.security.transport.ssl]
at org.elasticsearch.xpack.core.ssl.SSLService.lambda$loadSSLConfigurations$5(SSLService.java:528) ~[?:?]
at java.util.HashMap.forEach(HashMap.java:1289) ~[?:1.8.0_252]
at java.util.Collections$UnmodifiableMap.forEach(Collections.java:1507) ~[?:1.8.0_252]
at org.elasticsearch.xpack.core.ssl.SSLService.loadSSLConfigurations(SSLService.java:524) ~[?:?]
at org.elasticsearch.xpack.core.ssl.SSLService.<init>(SSLService.java:142) ~[?:?]
at org.elasticsearch.xpack.core.XPackPlugin.createSSLService(XPackPlugin.java:397) ~[?:?]
at org.elasticsearch.xpack.core.XPackPlugin.createComponents(XPackPlugin.java:263) ~[?:?]
at org.elasticsearch.node.Node.lambda$new$11(Node.java:484) ~[elasticsearch-7.8.0.jar:7.8.0]
at java.util.stream.ReferencePipeline$7$1.accept(ReferencePipeline.java:269) ~[?:1.8.0_252]
at java.util.ArrayList$ArrayListSpliterator.forEachRemaining(ArrayList.java:1382) ~[?:1.8.0_252]
at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:482) ~[?:1.8.0_252]
at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:472) ~[?:1.8.0_252]
at java.util.stream.ReduceOps$ReduceOp.evaluateSequential(ReduceOps.java:708) ~[?:1.8.0_252]
at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) ~[?:1.8.0_252]
at java.util.stream.ReferencePipeline.collect(ReferencePipeline.java:566) ~[?:1.8.0_252]
at org.elasticsearch.node.Node.<init>(Node.java:488) ~[elasticsearch-7.8.0.jar:7.8.0]
at org.elasticsearch.node.Node.<init>(Node.java:266) ~[elasticsearch-7.8.0.jar:7.8.0]
at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:227) ~[elasticsearch-7.8.0.jar:7.8.0]
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:227) ~[elasticsearch-7.8.0.jar:7.8.0]
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:393) [elasticsearch-7.8.0.jar:7.8.0]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:170) [elasticsearch-7.8.0.jar:7.8.0]
at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:161) [elasticsearch-7.8.0.jar:7.8.0]
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) [elasticsearch-7.8.0.jar:7.8.0]
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:127) [elasticsearch-cli-7.8.0.jar:7.8.0]
at org.elasticsearch.cli.Command.main(Command.java:90) [elasticsearch-cli-7.8.0.jar:7.8.0]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:126) [elasticsearch-7.8.0.jar:7.8.0]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92) [elasticsearch-7.8.0.jar:7.8.0]
Caused by: org.elasticsearch.ElasticsearchException: failed to initialize SSL TrustManager
at org.elasticsearch.xpack.core.ssl.StoreTrustConfig.createTrustManager(StoreTrustConfig.java:74) ~[?:?]
at org.elasticsearch.xpack.core.ssl.SSLService.createSslContext(SSLService.java:437) ~[?:?]
at java.util.HashMap.computeIfAbsent(HashMap.java:1127) ~[?:1.8.0_252]
at org.elasticsearch.xpack.core.ssl.SSLService.lambda$loadSSLConfigurations$5(SSLService.java:526) ~[?:?]
... 26 more
Caused by: java.io.IOException: public key protected PKCS12 not supported
at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1958) ~[?:?]
at java.security.KeyStore.load(KeyStore.java:1445) ~[?:1.8.0_252]
at org.elasticsearch.xpack.core.ssl.TrustConfig.getStore(TrustConfig.java:97) ~[?:?]
at org.elasticsearch.xpack.core.ssl.StoreTrustConfig.createTrustManager(StoreTrustConfig.java:65) ~[?:?]
at org.elasticsearch.xpack.core.ssl.SSLService.createSslContext(SSLService.java:437) ~[?:?]
at java.util.HashMap.computeIfAbsent(HashMap.java:1127) ~[?:1.8.0_252]
at org.elasticsearch.xpack.core.ssl.SSLService.lambda$loadSSLConfigurations$5(SSLService.java:526) ~[?:?]
... 26 more
[2020-06-26T19:54:35,025][ERROR][o.e.b.ElasticsearchUncaughtExceptionHandler] [elk1] uncaught exception in thread [main]
org.elasticsearch.bootstrap.StartupException: ElasticsearchSecurityException[failed to load SSL configuration [xpack.security.transport.ssl]]; nested: ElasticsearchException[failed to initialize SSL TrustManager]; nested: IOException[public key protected PKCS12 not supported];
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:174) ~[elasticsearch-7.8.0.jar:7.8.0]
at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:161) ~[elasticsearch-7.8.0.jar:7.8.0]
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) ~[elasticsearch-7.8.0.jar:7.8.0]
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:127) ~[elasticsearch-cli-7.8.0.jar:7.8.0]
at org.elasticsearch.cli.Command.main(Command.java:90) ~[elasticsearch-cli-7.8.0.jar:7.8.0]
Any advice will be helpful.
Thank you in advance.