Hi Folks,
I am trying to build security between elasticsearch and kibana to make SIEM detection work. However been struggling for so long. I followed lot of tutorials and generated p12 file. Here is my config file
#action.destructive_requires_name: true
# This turns on SSL for the HTTP (Rest) interface
xpack.security.http.ssl.enabled: true
# This configures the keystore to use for SSL on HTTP
xpack.security.http.ssl.keystore.path: "http.p12"
Then followed README for kibana. however I am unable to start elasticsearch service and here are my errors. Per error it seel http.p12 file does not exist. But when I see the file is there under /etc/elasticsearch
ls -l /etc/elasticsearch/http.p12
-rw------- 1 root root 10602 Apr 19 23:49 /etc/elasticsearch/http.p12
And error is as below
Caused by: org.elasticsearch.ElasticsearchException: failed to create trust manager
at org.elasticsearch.xpack.core.ssl.TrustConfig$CombiningTrustConfig.createTrustManager(TrustConfig.java:172) ~[?:?]
at org.elasticsearch.xpack.core.ssl.SSLService.createSslContext(SSLService.java:427) ~[?:?]
at java.util.HashMap.computeIfAbsent(HashMap.java:1138) ~[?:?]
at org.elasticsearch.xpack.core.ssl.SSLService.loadConfiguration(SSLService.java:521) ~[?:?]
... 26 more
Caused by: org.elasticsearch.ElasticsearchException: failed to initialize SSL TrustManager - keystore file [/etc/elasticsearch/http.p12] does not exist
at org.elasticsearch.xpack.core.ssl.TrustConfig.missingTrustConfigFile(TrustConfig.java:113) ~[?:?]
Any clue folks?