Running with configuration path: /home/ubuntu/elasticsearch/config
Testing if bootstrap password is valid for https://localhost:9200/_xpack/security/_authenticate?pretty
Exception in thread "main" java.lang.IllegalArgumentException: did not find a SSLContext for [SSLConfiguration{keyConfig=[keyStorePath=[certs/vraj-certificates.p12], keyStoreType=[PKCS12], keyStoreAlgorithm=[SunX509], trustStoreAlgorithm=[PKIX]], trustConfig=trustStorePath=[certs/vraj-certificates.p12], trustStoreAlgorithm=[PKIX]], cipherSuites=[[TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA]], supportedProtocols=[[TLSv1.2, TLSv1.1, TLSv1]], sslClientAuth=[REQUIRED], verificationMode=[FULL]}]
at org.elasticsearch.xpack.core.ssl.SSLService.sslContextHolder(SSLService.java:331)
at org.elasticsearch.xpack.core.ssl.SSLService.sslContext(SSLService.java:321)
at org.elasticsearch.xpack.core.ssl.SSLService.sslSocketFactory(SSLService.java:192)
at org.elasticsearch.xpack.security.authc.esnative.tool.CommandLineHttpClient.lambda$postURL$0(CommandLineHttpClient.java:96)
at java.security.AccessController.doPrivileged(Native Method)
at org.elasticsearch.xpack.security.authc.esnative.tool.CommandLineHttpClient.postURL(CommandLineHttpClient.java:94)
at org.elasticsearch.xpack.security.authc.esnative.tool.SetupPasswordTool$SetupCommand.checkElasticKeystorePasswordValid(SetupPasswordTool.java:278)
at org.elasticsearch.xpack.security.authc.esnative.tool.SetupPasswordTool$AutoSetup.execute(SetupPasswordTool.java:127)
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86)
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124)
at org.elasticsearch.cli.MultiCommand.execute(MultiCommand.java:75)
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124)
at org.elasticsearch.cli.Command.main(Command.java:90)
at org.elasticsearch.xpack.security.authc.esnative.tool.SetupPasswordTool.main(SetupPasswordTool.java:105)```
6.2.4 is almost a year old, there have been lots of bugs fixed since then (including this, I believe). Is there a reason you're trying to setup a new cluster on such an old version?
java.security.cert.CertificateException: No subject alternative names present
when elasticsearch-setup-passwords attempts to communicate with Elasticsearch on the http layer and suggests that you take a look at your xpack.security.http.ssl.* settings. I see
It works because this disables TLS, but I assume this is not what you want to do.
You'd need to regenerate vraj-cert.p12 and use either --dns or --ip to add a subject alternate name to the certificate that is generated ( see here for the list of parameters for the elasticsearch-certutil tool).
Thanks it worked.
Now i'm unable to start Kibana 6.7.0
elasticsearch.hosts: ["https://localhost:9200"]
xpack.security.encryptionKey: "<32chars>"
xpack.security.sessionTimeout: 600000
elasticsearch.ssl.verificationMode: none
elasticsearch.username: "kibana"
elasticsearch.password: "kibana"``
kibana is on the master elasticsearch instance. do i need to provide any additional configs in kibana.yml ?
Thanks
[17:28:24.835] [error][status][plugin:reporting@6.7.0] Status changed from uninitialized to red - [security_exception] failed to authenticate user [kibana], with { header={ WWW-Authenticate={ 0="Bearer realm=\"security\"" & 1="ApiKey" & 2="Basic realm=\"security\" charset=\"UTF-8\"" } } } log [17:28:24.970] [warning][task_manager] PollError [security_exception] failed to authenticate user [kibana], with { header={ WWW-Authenticate={ 0="Bearer realm=\"security\"" & 1="ApiKey" & 2="Basic realm=\"security\" charset=\"UTF-8\"" } } } log [17:28:24.970] [warning][task_manager] PollError [security_exception] failed to authenticate user [kibana], with { header={ WWW-Authenticate={ 0="Bearer realm=\"security\"" & 1="ApiKey" & 2="Basic realm=\"security\" charset=\"UTF-8\"" } } } log [17:28:24.972] [warning][maps] Error scheduling telemetry task, received NotInitialized: Tasks cannot be scheduled until after task manager is initialized! log [17:28:24.972] [warning][telemetry] Error scheduling task, received NotInitialized: Tasks cannot be scheduled until after task manager is initialized! log [17:28:24.974] [warning][reporting] Could not retrieve cluster settings, because of [security_exception] failed to authenticate user [kibana], with { header={ WWW-Authenticate={ 0="Bearer realm=\"security\"" & 1="ApiKey" & 2="Basic realm=\"security\" charset=\"UTF-8\"" } } }
But with Kibana 6.2.4 . I'm able to start kibana except few warnings such as.
You're running Kibana 6.2.4 with some different versions of Elasticsearch. Update Kibana or Elasticsearch to the same version to prevent compatibility issues: v6.7.0
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.