After running the following code in the following directory:
/usr/share/elasticsearch
I ran the following code:
sudo bin/x-pack/setup-passwords interactive
I get the following message:
SSL connection to https://127.0.0.1:9200/_xpack/security/_authenticate?pretty failed:
Unrecognized SSL message, plaintext connection?
Please check the elasticsearch SSL settings under xpack.security.http.ssl.
ERROR: Failed to establish SSL connection to elasticsearch at
https://127.0.0.1:9200/_xpack/security/_authenticate?pretty
I have installed Elasticsearch 6.1.2, Logstash 6.1.2 and Kibana 6.1.2 on Ubuntu 16.04.3 LTS. I have checked my SSL settings under xpack.security.http.ssl and it is shown below.
elasticsearch.yml file:
#NOTE: Elasticsearch comes with reasonable defaults for most settings.
#Before you set out to tweak and tune the configuration, make sure you
#understand what are you trying to accomplish and the consequences.
#The primary way of configuring a node is via this file. This template lists
#the most important settings you may want to configure for a production cluster.
#Please consult the documentation for further information on configuration options:
#https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
#---------------------------------- Cluster -----------------------------------
#Use a descriptive name for your cluster:
#
cluster.name: ES Cluster1
#
#---------------------------------- Node -----------------------------------
#Use a descriptive name for the node:
#
node.name: ES Node1
#
#Add custom attributes to the node:
#
#node.attr.rack: r1
#
#---------------------------------- Paths -----------------------------------
#Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /var/lib/elasticsearch
#
#Path to log files:
#
path.logs: /var/log/elasticsearch
#
#---------------------------------- Memory -----------------------------------
#Lock the memory on startup:
#bootstrap.memory_lock: true
#
#Make sure that the heap size is set to about half the memory available
#on the system and that the owner of the process is allowed to use this
#limit.
#Elasticsearch performs poorly when the system is swapping the memory.
#
#---------------------------------- Network -----------------------------------
#Set the bind address to a specific IP (IPv4 or IPv6):
#
network.host: localhost
#
#Set a custom port for HTTP:
#
http.port: 9200
#
#For more information, consult the network module documentation.
#
#---------------------------------- Discovery -----------------------------------
#Pass an initial list of hosts to perform discovery when new node is started:
#The default list of hosts is ["127.0.0.1", "[::1]"]
#
#discovery.zen.ping.unicast.hosts: ["host1", "host2"]
#
#Prevent the "split brain" by configuring the majority of nodes (total number of master-
#eligible nodes / 2 + 1):
#
#discovery.zen.minimum_master_nodes:
#
#For more information, consult the zen discovery module documentation.
#
#---------------------------------- Gateway -----------------------------------
#Block initial recovery after a full cluster restart until N nodes are started:
#
#gateway.recover_after_nodes: 3
#
#For more information, consult the gateway module documentation.
#
#---------------------------------- Various -----------------------------------
#Require explicit names when deleting indices:
#
#action.destructive_requires_name: true
#
#---------------------------------- X-Pack -----------------------------------
#automatic index creation, required by X-pack
#
action.auto_create_index: .security,.monitoring*,.watches,.triggered_watches,.watcher-
history*,.ml*
#
#enable TLS on elasticsearch nodes
#
xpack.ssl.keystore.path: certs/elastic-certificates.p12
xpack.ssl.truststore.path: certs/elastic-certificates.p12
#
#enable TLS on the transport networking layer to ensure communication between
#nodes is encrypted
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
#
#enable TLS on HTTP layer to ensure that communication between HTTP clients and the
#cluster is encrypted
#
xpack.security.http.ssl.enabled: true