Unable to configure elasticsearch security

Hi Folks,

I am trying to build security between Elasticsearch and Kibana to make SIEM detection work. However, I have been struggling for so long. I followed a lot of tutorials and generated a p12 file. Here is my config file:

#action.destructive_requires_name: true
# This turns on SSL for the HTTP (Rest) interface
xpack.security.http.ssl.enabled: true

# This configures the keystore to use for SSL on HTTP
xpack.security.http.ssl.keystore.path: "http.p12"

Then I followed the README for Kibana. However, I am unable to start the elasticsearch service, and here are my errors. Per the error, it seems the http.p12 file does not exist. But when I look, the file is there under /etc/elasticsearch:

ls -l /etc/elasticsearch/http.p12
-rw------- 1 root root 10602 Apr 19 23:49 /etc/elasticsearch/http.p12

And the error is as below:

Caused by: org.elasticsearch.ElasticsearchException: failed to create trust manager
        at org.elasticsearch.xpack.core.ssl.TrustConfig$CombiningTrustConfig.createTrustManager(TrustConfig.java:172) ~[?:?]
        at org.elasticsearch.xpack.core.ssl.SSLService.createSslContext(SSLService.java:427) ~[?:?]
        at java.util.HashMap.computeIfAbsent(HashMap.java:1138) ~[?:?]
        at org.elasticsearch.xpack.core.ssl.SSLService.loadConfiguration(SSLService.java:521) ~[?:?]
        ... 26 more
Caused by: org.elasticsearch.ElasticsearchException: failed to initialize SSL TrustManager - keystore file [/etc/elasticsearch/http.p12] does not exist
        at org.elasticsearch.xpack.core.ssl.TrustConfig.missingTrustConfigFile(TrustConfig.java:113) ~[?:?]

Any clue folks?


By default, Elasticsearch runs as its own user, also called elasticsearch.

As I can see, only the owner is allowed to read this file, and in this case the owner is root. This means the elasticsearch user is not permitted to read it. Please try to change the owner to the elasticsearch user.
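
One way to confirm the diagnosis in the reply above before and after changing ownership (an added example, not part of the original thread): the script decides from owner, group and mode bits whether a given account can read the keystore and search every parent directory. The function names `perm_digit` and `can_read` are made up for this example; it assumes GNU `stat` and does not evaluate ACLs or SELinux.

```shell
#!/bin/sh
# Added example: can a service account read a keystore, judged from
# ownership and mode bits only (no ACL/SELinux evaluation)?

# perm_digit UID "GID GID ..." PATH -> prints the rwx digit (0-7) of the
# permission class (owner, group or other) that applies to that account.
perm_digit() (
    uid=$1 gids=$2 path=$3
    st=$(stat -c '%u %g %a' -- "$path") || exit 2
    set -- $st                  # $1=owner uid, $2=owner gid, $3=octal mode
    m=$(( $3 % 1000 ))          # drop the setuid/setgid/sticky digit
    if [ "$uid" = "$1" ]; then echo $(( m / 100 )); exit 0; fi
    for g in $gids; do
        if [ "$g" = "$2" ]; then echo $(( m / 10 % 10 )); exit 0; fi
    done
    echo $(( m % 10 ))
)

# can_read UID "GIDS" FILE -> 0 if the read bit applies to the account on
# FILE and the search (x) bit applies on every parent directory; 1 if not.
can_read() (
    uid=$1 gids=$2 file=$3
    [ "$uid" = 0 ] && exit 0    # root is not limited by mode bits
    d=$(perm_digit "$uid" "$gids" "$file") || exit 2
    [ $(( d & 4 )) -ne 0 ] || exit 1
    dir=$(dirname -- "$file")
    while :; do
        d=$(perm_digit "$uid" "$gids" "$dir") || exit 2
        [ $(( d & 1 )) -ne 0 ] || exit 1
        case $dir in /|.) break ;; esac
        dir=$(dirname -- "$dir")
    done
)

# Usage: sh check_keystore.sh elasticsearch /etc/elasticsearch/http.p12
if [ "$#" -eq 2 ]; then
    if can_read "$(id -u "$1")" "$(id -G "$1")" "$2"; then
        echo "OK: $1 can read $2"
    else
        echo "DENIED: $1 cannot read $2 ($(stat -c '%U:%G mode %a' -- "$2"))"
    fi
fi
```

For the listing in the question (`-rw------- root root`) this reports DENIED for the elasticsearch user; once that user owns the file, the mode can stay at 600, so the private key in the keystore remains unreadable to other accounts.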