Security settings make my ES not start

I made the security settings and added the following to the yml file:

xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

But now my ES doesn't close when I try to start

Certificate name and note are correct because I followed a video tutorial by Elastic

What do your logs show?

[2020-06-17T11:49:20,844][INFO ][o.e.n.Node               ] [ELASTICSERVER] stopping ...
[2020-06-17T11:49:20,875][INFO ][o.e.x.w.WatcherService   ] [ELASTICSERVER] stopping watch service, reason [shutdown initiated]
[2020-06-17T11:49:20,875][INFO ][o.e.x.w.WatcherLifeCycleService] [ELASTICSERVER] watcher has stopped and shutdown
[2020-06-17T11:49:21,250][INFO ][o.e.x.m.p.l.CppLogMessageHandler] [ELASTICSERVER] [controller/2132] [Main.cc@150] Ml controller exiting
[2020-06-17T11:49:21,297][INFO ][o.e.x.m.p.NativeController] [ELASTICSERVER] Native controller process has stopped - no new native processes can be started
[2020-06-17T11:49:21,328][INFO ][o.e.n.Node               ] [ELASTICSERVER] stopped
[2020-06-17T11:49:21,328][INFO ][o.e.n.Node               ] [ELASTICSERVER] closing ...
[2020-06-17T11:49:21,344][INFO ][o.e.n.Node               ] [ELASTICSERVER] closed

That doesn't show much about it not starting, just that it's stopping, is there more?

[2020-06-17T11:38:30,857][INFO ][o.e.d.DiscoveryModule    ] [ELASTICSERVER] using discovery type [zen] and seed hosts providers [settings]
[2020-06-17T11:38:33,544][INFO ][o.e.n.Node               ] [ELASTICSERVER] initialized
[2020-06-17T11:38:33,544][INFO ][o.e.n.Node               ] [ELASTICSERVER] starting ...
[2020-06-17T11:38:34,122][INFO ][o.e.t.TransportService   ] [ELASTICSERVER] publish_address {127.0.0.1:9300}, bound_addresses {127.0.0.1:9300}, {[::1]:9300}
[2020-06-17T11:38:36,047][WARN ][o.e.b.BootstrapChecks    ] [ELASTICSERVER] the default discovery settings are unsuitable for production use; at least one of [discovery.seed_hosts, discovery.seed_providers, cluster.initial_master_nodes] must be configured
[2020-06-17T11:38:36,047][WARN ][o.e.b.BootstrapChecks    ] [ELASTICSERVER] Transport SSL must be enabled if security is enabled on a [basic] license. Please set [xpack.security.transport.ssl.enabled] to [true] or disable security by setting [xpack.security.enabled] to [false]
[2020-06-17T11:38:36,062][INFO ][o.e.c.c.Coordinator      ] [ELASTICSERVER] cluster UUID [6opUZnS4T-C45KpnBniKTw]
[2020-06-17T11:38:36,094][INFO ][o.e.c.c.ClusterBootstrapService] [ELASTICSERVER] no discovery configuration found, will perform best-effort cluster bootstrapping after [3s] unless existing master is discovered
[2020-06-17T11:38:36,422][INFO ][o.e.c.s.MasterService    ] [ELASTICSERVER] elected-as-master ([1] nodes joined)[{ELASTICSERVER}{0UUDuKoOT8arNTHnRfx97Q}{PRqwZ_e6TTCKOnX6bxDUPA}{127.0.0.1}{127.0.0.1:9300}{dilmrt}{ml.machine_memory=2983776256, xpack.installed=true, transform.node=true, ml.max_open_jobs=20} elect leader, _BECOME_MASTER_TASK_, _FINISH_ELECTION_], term: 69, version: 602, delta: master node changed {previous [], current [{ELASTICSERVER}{0UUDuKoOT8arNTHnRfx97Q}{PRqwZ_e6TTCKOnX6bxDUPA}{127.0.0.1}{127.0.0.1:9300}{dilmrt}{ml.machine_memory=2983776256, xpack.installed=true, transform.node=true, ml.max_open_jobs=20}]}
[2020-06-17T11:38:36,740][INFO ][o.e.c.s.ClusterApplierService] [ELASTICSERVER] master node changed {previous [], current [{ELASTICSERVER}{0UUDuKoOT8arNTHnRfx97Q}{PRqwZ_e6TTCKOnX6bxDUPA}{127.0.0.1}{127.0.0.1:9300}{dilmrt}{ml.machine_memory=2983776256, xpack.installed=true, transform.node=true, ml.max_open_jobs=20}]}, term: 69, version: 602, reason: Publication{term=69, version=602}
[2020-06-17T11:38:37,146][INFO ][o.e.h.AbstractHttpServerTransport] [ELASTICSERVER] publish_address {127.0.0.1:9200}, bound_addresses {127.0.0.1:9200}, {[::1]:9200}
[2020-06-17T11:38:37,162][INFO ][o.e.n.Node               ] [ELASTICSERVER] started
[2020-06-17T11:38:38,474][INFO ][o.e.l.LicenseService     ] [ELASTICSERVER] license [baeca942-1548-4ac7-921e-aec19b1539ad] mode [basic] - valid
[2020-06-17T11:38:38,474][INFO ][o.e.x.s.s.SecurityStatusChangeListener] [ELASTICSERVER] Active license is now [BASIC]; Security is enabled
[2020-06-17T11:38:38,506][INFO ][o.e.g.GatewayService     ] [ELASTICSERVER] recovered [19] indices into cluster_state
[2020-06-17T11:39:06,504][INFO ][o.e.c.r.a.AllocationService] [ELASTICSERVER] Cluster health status changed from [RED] to [YELLOW] (reason: [shards started [[.apm-custom-link][0], [.apm-agent-configuration][0]]]).

I think that part will help more

Elasticsearch has started, you can see it's recovering shards.

The window is closed and when I go to the browser and put the localhost: 9200 not to connect

What window?

The window where I click to start the ES, running the .bat file

Ah ok, it sounds like you are running the elasticsearch.bat file, then closing the window? If that is the case it will start and then stop Elasticsearch. That has nothing to do with the security settings.

You may want to set it up so that it runs as a service.

No, it closes automatically, that's the problem

You are probably double-clicking from the file explorer on elasticsearch.bat.

Open manually the cmd window. Then go to the right dir and type elasticsearch.
You will hopefully see the error messages.

1 Like

Thanks for answering me.
I did the procedure via CMD but the log error appeared:
Caused by: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.

Could you help me?

I can't as I don't know this part and this error message but I'm sure some experts could help.

If you describe exactly what you did, that might help.
Did you follow exactly the guide? https://www.elastic.co/guide/en/elasticsearch/reference/current/windows.html

I've already read this guide.

I did the following:

I ran the elasticsearch-certutil cert for the security and cryptography certificate, then the config \ elastic-certificates.p12

and added the configuration
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
in my elasticsearch.yml file and when I run ES it opens and closes by itself, when I remove what I added it works

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.