I am trying to build security between Elasticsearch and Kibana to make SIEM detection work. However, I have been struggling for so long. I followed a lot of tutorials and generated a p12 file. Here is my config file:
#action.destructive_requires_name: true
# This turns on SSL for the HTTP (Rest) interface
xpack.security.http.ssl.enabled: true
# This configures the keystore to use for SSL on HTTP
xpack.security.http.ssl.keystore.path: "http.p12"
Then I followed the README for Kibana. However, I am unable to start the Elasticsearch service, and here are my errors. Per the error, it seems the http.p12 file does not exist. But when I look, the file is there under /etc/elasticsearch:
ls -l /etc/elasticsearch/http.p12
-rw------- 1 root root 10602 Apr 19 23:49 /etc/elasticsearch/http.p12
And the error is as below:
Caused by: org.elasticsearch.ElasticsearchException: failed to create trust manager
    at org.elasticsearch.xpack.core.ssl.TrustConfig$CombiningTrustConfig.createTrustManager(TrustConfig.java:172) ~[?:?]
    at org.elasticsearch.xpack.core.ssl.SSLService.createSslContext(SSLService.java:427) ~[?:?]
    at java.util.HashMap.computeIfAbsent(HashMap.java:1138) ~[?:?]
    at org.elasticsearch.xpack.core.ssl.SSLService.loadConfiguration(SSLService.java:521) ~[?:?]
    ... 26 more
Caused by: org.elasticsearch.ElasticsearchException: failed to initialize SSL TrustManager - keystore file [/etc/elasticsearch/http.p12] does not exist
    at org.elasticsearch.xpack.core.ssl.TrustConfig.missingTrustConfigFile(TrustConfig.java:113) ~[?:?]
Any clue, folks?