Unable to start elasticsearch after creating cert for http communication

Elastic Stack Elasticsearch
1

Hello, I'm a noob at ES and learning from different angles in troubleshooting ES. My error here are two but first, is that I've install elasticsearch 6.7 deb. version on ubuntu 18.04.

The second is xpack security error unable to [2019-04-01T20:36:59,275][ERROR][o.e.b.Bootstrap ] Exception java.lang.IllegalStateException: failed to load plugin class [org.elasticsearch.xpack.core.XPackPlugin]
I think correlates to the cert that I created with http communication

trolling logs from /var/log/ES-test.log (name of cluster for ES)


Which I have in my elasticsearch.yml file 

    ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
#       Before you set out to tweak and tune the configuration, make sure you
#       understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
cluster.name: ES-test
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
#node.name: node-es-1
# 
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /var/lib/elasticsearch
#
# Path to log files:
#
path.logs: /var/log/elasticsearch
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
network.host: localhost
#
#l
#
# Set a custom port for HTTP:
#
http.port: 9200

#transport.port: 9300
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when new node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
#discovery.zen.ping.unicast.hosts: ["host1", "host2"]
#
# Prevent the "split brain" by configuring the majority of nodes (total number of master-eligible nodes / 2 + 1):
#
#discovery.zen.minimum_master_nodes: 1
#
# For more information, consult the zen discovery module documentation.
#
# ---------------------------------- Gateway -----------------------------------
#
# Block initial recovery after a full cluster restart until N nodes are started:
#
#gateway.recover_after_nodes: 3
#
# For more information, consult the gateway module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
#action.destructive_requires_name: true
#
xpack.security.enabled: true
xpack.license.self_generated.type: basic
xpack.security.audit.enabled: true
#xpack.security.authc.accept_default_password
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: /config/certs/elastic-certificates.p12 
xpack.security.http.ssl.truststore.path: /config/certs/elastic-certificates.p12 

#http.cors.enabled : true
#http.cors.allow-origin : "*"
#http.cors.allow-methods : "OPTIONS, HEAD, GET, POST, PUT, DELETE"
#http.cors.allow-headers : "X-Requested-With,X-Auth-Token,Content-Type, Content-Length,authorization: basic"
#http.type: ssl_netty4
#network.tcp.keep_alive: true 

     




When I run sudo systemctl status elasticsearch 
 elasticsearch.service - Elasticsearch
   Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; vendor preset: enabled)
  Drop-In: /etc/systemd/system/elasticsearch.service.d
           └─override.conf
   Active: failed (Result: exit-code) since Tue 2019-04-02 16:18:49 UTC; 11min ago
     Docs: http://www.elastic.co
  Process: 2419 ExecStart=/usr/share/elasticsearch/bin/elasticsearch -p ${PID_DIR}/elasticsearch.pid --quiet (code=exi
 Main PID: 2419 (code=exited, status=1/FAILURE)

Apr 02 16:18:49 elasticsearch-test elasticsearch[2419]:         at sun.nio.fs.UnixException.rethrowAsIOException(UnixE
Apr 02 16:18:49 elasticsearch-test elasticsearch[2419]:         at sun.nio.fs.UnixException.rethrowAsIOException(UnixE
Apr 02 16:18:49 elasticsearch-test elasticsearch[2419]:         at sun.nio.fs.UnixFileSystemProvider.newByteChannel(Un
Apr 02 16:18:49 elasticsearch-test elasticsearch[2419]:         at java.nio.file.Files.newByteChannel(Files.java:361)
Apr 02 16:18:49 elasticsearch-test elasticsearch[2419]:         at java.nio.file.Files.newByteChannel(Files.java:407)
Apr 02 16:18:49 elasticsearch-test elasticsearch[2419]:         at java.nio.file.spi.FileSystemProvider.newInputStream
Apr 02 16:18:49 elasticsearch-test elasticsearch[2419]:         at java.nio.file.Files.newInputStream(Files.java:152)
Apr 02 16:18:49 elasticsearch-test elasticsearch[2419]:         at org.elasticsearch.tools.launchers.JvmOptionsParser.
Apr 02 16:18:49 elasticsearch-test systemd[1]: elasticsearch.service: Main process exited, code=exited, status=1/FAILU
Apr 02 16:18:49 elasticsearch-test systemd[1]: elasticsearch.service: Failed with result 'exit-code'.

I've followed the tutorial on ES for version 6.7 but I may not be seeing the issue to this error, if someone could give it a second look.
2

Please take the time to correctly format your post. It is very hard to go through as it is now. You can use triple backticks (```) and/or the </> button to format large chunks of text and you can use the preview window on the right as you type your message to see how it looks like. It would be great if you could update your post to correct this.

The error seems obvious:

java.nio.file.NoSuchFileException: /etc/elasticsearch/etc/elasticsearch/config/certs/elastic-certificates.p12

You have configured elasticsearch to try and read a file from that path but it can't find the file there.
Is there such a file in /etc/elasticsearch/etc/elasticsearch/config/certs/elastic-certificates.p12 ?

3

There is, I have it pointing to where I cp the file to the dir. Also, I see that it's calling etc/elasticsearch twice which, only should be called once? I also configured the etc/default/elasticsearch > ES_PATH_CONF=etc/elasticsearch/config/certs/elastic-certificates.p12.
I've also read in some of the ES discussion forums that it could be a java security issue?

4

I checked the journalctl -f logs and ssh into the box on another terminal window. Troubleshooted the error and taken off elastic-certificates.p12 since the elasticsearch-env was looking for a dir and not the file itself.
other error was that of
Exception in thread "main" java.nio.file.NoSuchFileException: /etc/elasticsearch/config/certs/jvm.options

5

Corrected, removed config/certs from the ES config found in /etc/default/elasticsearch

6

Now I'm back to
Exception java.lang.IllegalStateException: failed to load plugin class [org.elasticsearch.xpack.core.XPackPlugin]

7

Keep reading the logs. When the XPackPlugin fails to load, there will be another exception later in the log file that tells you why.

8

This is my complete log.

[2019-04-03T00:36:23,617][INFO ][o.e.n.Node               ] [data1] initializing ...
[2019-04-03T00:36:23,691][INFO ][o.e.e.NodeEnvironment    ] [data1] using [1] data paths, mounts [[/ (/dev/xvda1)]], net usable_space [26.3gb], net total_space [29gb], types [ext4]
[2019-04-03T00:36:23,691][INFO ][o.e.e.NodeEnvironment    ] [data1] heap size [1007.3mb], compressed ordinary object pointers [true]
[2019-04-03T00:36:23,693][INFO ][o.e.n.Node               ] [data1] node name [data1], node ID [cH1-6yeOSkWKqeSosjTuUQ]
[2019-04-03T00:36:23,694][INFO ][o.e.n.Node               ] [data1] version[6.2.4], pid[16493], build[ccec39f/2018-04-12T20:37:28.497551Z], OS[Linux/4.4.0-1079-aws/amd64], JVM[Oracle Corporation/Java HotSpot(TM) 64-Bit Server VM/1.8.0_201/25.201-b09]
[2019-04-03T00:36:23,694][INFO ][o.e.n.Node               ] [data1] JVM arguments [-Xms1g, -Xmx1g, -XX:+UseConcMarkSweepGC, -XX:CMSInitiatingOccupancyFraction=75, -XX:+UseCMSInitiatingOccupancyOnly, -XX:+AlwaysPreTouch, -Xss1m, -Djava.awt.headless=true, -Dfile.encoding=UTF-8, -Djna.nosys=true, -XX:-OmitStackTraceInFastThrow, -Dio.netty.noUnsafe=true, -Dio.netty.noKeySetOptimization=true, -Dio.netty.recycler.maxCapacityPerThread=0, -Dlog4j.shutdownHookEnabled=false, -Dlog4j2.disable.jmx=true, -Djava.io.tmpdir=/tmp/elasticsearch.FTtAtbhf, -XX:+HeapDumpOnOutOfMemoryError, -XX:+PrintGCDetails, -XX:+PrintGCDateStamps, -XX:+PrintTenuringDistribution, -XX:+PrintGCApplicationStoppedTime, -Xloggc:logs/gc.log, -XX:+UseGCLogFileRotation, -XX:NumberOfGCLogFiles=32, -XX:GCLogFileSize=64m, -Des.path.home=/home/ubuntu/elasticsearch, -Des.path.conf=/home/ubuntu/elasticsearch/config]
[2019-04-03T00:36:25,835][WARN ][o.e.b.ElasticsearchUncaughtExceptionHandler] [data1] uncaught exception in thread [main]
org.elasticsearch.bootstrap.StartupException: java.lang.IllegalStateException: failed to load plugin class [org.elasticsearch.xpack.core.XPackPlugin]
	at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:125) ~[elasticsearch-6.2.4.jar:6.2.4]
	at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:112) ~[elasticsearch-6.2.4.jar:6.2.4]
	at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) ~[elasticsearch-6.2.4.jar:6.2.4]
	at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124) ~[elasticsearch-cli-6.2.4.jar:6.2.4]
	at org.elasticsearch.cli.Command.main(Command.java:90) ~[elasticsearch-cli-6.2.4.jar:6.2.4]
	at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92) ~[elasticsearch-6.2.4.jar:6.2.4]
	at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:85) ~[elasticsearch-6.2.4.jar:6.2.4]
Caused by: java.lang.IllegalStateException: failed to load plugin class [org.elasticsearch.xpack.core.XPackPlugin]
	at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:563) ~[elasticsearch-6.2.4.jar:6.2.4]
	at org.elasticsearch.plugins.PluginsService.loadBundle(PluginsService.java:505) ~[elasticsearch-6.2.4.jar:6.2.4]
	at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:422) ~[elasticsearch-6.2.4.jar:6.2.4]
	at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:146) ~[elasticsearch-6.2.4.jar:6.2.4]
	at org.elasticsearch.node.Node.<init>(Node.java:303) ~[elasticsearch-6.2.4.jar:6.2.4]
	at org.elasticsearch.node.Node.<init>(Node.java:246) ~[elasticsearch-6.2.4.jar:6.2.4]
	at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:213) ~[elasticsearch-6.2.4.jar:6.2.4]
	at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:213) ~[elasticsearch-6.2.4.jar:6.2.4]
	at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:323) ~[elasticsearch-6.2.4.jar:6.2.4]
	at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:121) ~[elasticsearch-6.2.4.jar:6.2.4]
	... 6 more
Caused by: java.lang.reflect.InvocationTargetException
	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
	at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]
	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
	at java.lang.reflect.Constructor.newInstance(Constructor.java:423) ~[?:1.8.0_201]
	at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:554) ~[elasticsearch-6.2.4.jar:6.2.4]
	at org.elasticsearch.plugins.PluginsService.loadBundle(PluginsService.java:505) ~[elasticsearch-6.2.4.jar:6.2.4]
	at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:422) ~[elasticsearch-6.2.4.jar:6.2.4]
	at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:146) ~[elasticsearch-6.2.4.jar:6.2.4]
	at org.elasticsearch.node.Node.<init>(Node.java:303) ~[elasticsearch-6.2.4.jar:6.2.4]
	at org.elasticsearch.node.Node.<init>(Node.java:246) ~[elasticsearch-6.2.4.jar:6.2.4]
	at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:213) ~[elasticsearch-6.2.4.jar:6.2.4]
	at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:213) ~[elasticsearch-6.2.4.jar:6.2.4]
	at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:323) ~[elasticsearch-6.2.4.jar:6.2.4]
	at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:121) ~[elasticsearch-6.2.4.jar:6.2.4]
	... 6 more
Caused by: org.elasticsearch.ElasticsearchException: failed to initialize a TrustManagerFactory
	at org.elasticsearch.xpack.core.ssl.StoreTrustConfig.createTrustManager(StoreTrustConfig.java:72) ~[?:?]
	at org.elasticsearch.xpack.core.ssl.SSLService.createSslContext(SSLService.java:419) ~[?:?]
	at java.util.HashMap.computeIfAbsent(HashMap.java:1127) ~[?:1.8.0_201]
	at org.elasticsearch.xpack.core.ssl.SSLService.loadSSLConfigurations(SSLService.java:471) ~[?:?]
	at org.elasticsearch.xpack.core.ssl.SSLService.<init>(SSLService.java:91) ~[?:?]
	at org.elasticsearch.xpack.core.XPackPlugin.<init>(XPackPlugin.java:127) ~[?:?]
	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
	at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]
	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
	at java.lang.reflect.Constructor.newInstance(Constructor.java:423) ~[?:1.8.0_201]
	at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:554) ~[elasticsearch-
	... 6 more```

What are the next steps to follow ?

Please Advice
9

Yes I was scrolling through and believe that it's
Caused by: java.nio.file.AccessDeniedException: /etc/elasticsearch/config/certs/elastic-certificates.p12

I read other post on here and googled, that suggest to enable java security to read the file. However, I will troubleshoot adding the password to the keystore via this tutorial
https://www.elastic.co/guide/en/elasticsearch/reference/current/configuring-tls.html#node-certificates

java.lang.IllegalStateException: failed to load plugin class [org.elasticsearch.xpack.core.XPackPlugin]
 at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:614) ~[elasticsearch-6.7.0.jar:6.7.0]
 at org.elasticsearch.plugins.PluginsService.loadBundle(PluginsService.java:556) ~[elasticsearch-6.7.0.jar:6.7.0]
 at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:471) ~[elasticsearch-6.7.0.jar:6.7.0]
 at org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:163) ~[elasticsearch-6.7.0.jar:6.7.0]
 at org.elasticsearch.node.Node.<init>(Node.java:339) ~[elasticsearch-6.7.0.jar:6.7.0]
 at org.elasticsearch.node.Node.<init>(Node.java:266) ~[elasticsearch-6.7.0.jar:6.7.0]
 at org.elasticsearch.bootstrap.Bootstrap$5.<init>(Bootstrap.java:212) ~[elasticsearch-6.7.0.jar:6.7.0]
 at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:212) ~[elasticsearch-6.7.0.jar:6.7.0]
 at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:333) [elasticsearch-6.7.0.jar:6.7.0]
 at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:159) [elasticsearch-6.7.0.jar:6.7.0]
 at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:150) [elasticsearch-6.7.0.jar:6.7.0]
 at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) [elasticsearch-6.7.0.jar:6.7.0]
 at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124) [elasticsearch-cli-6.7.0.jar:6.7.0]
 at org.elasticsearch.cli.Command.main(Command.java:90) [elasticsearch-cli-6.7.0.jar:6.7.0]
 at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:116) [elasticsearch-6.7.0.jar:6.7.0]
 at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:93) [elasticsearch-6.7.0.jar:6.7.0]
Caused by: java.lang.reflect.InvocationTargetException
 at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
 at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]
 at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
 at java.lang.reflect.Constructor.newInstance(Constructor.java:423) ~[?:1.8.0_201]
 at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:605) ~[elasticsearch-6.7.0.jar:6.7.0]
 ... 15 more
Caused by: org.elasticsearch.ElasticsearchException: failed to initialize a TrustManagerFactory
 at org.elasticsearch.xpack.core.ssl.StoreTrustConfig.createTrustManager(StoreTrustConfig.java:61) ~[?:?]
 at org.elasticsearch.xpack.core.ssl.SSLService.createSslContext(SSLService.java:394) ~[?:?]
 at java.util.HashMap.computeIfAbsent(HashMap.java:1127) ~[?:1.8.0_201]
 at org.elasticsearch.xpack.core.ssl.SSLService.lambda$loadSSLConfigurations$4(SSLService.java:448) ~[?:?]
 at java.util.HashMap.forEach(HashMap.java:1289) ~[?:1.8.0_201]
 at org.elasticsearch.xpack.core.ssl.SSLService.loadSSLConfigurations(SSLService.java:436) ~[?:?]
 at org.elasticsearch.xpack.core.ssl.SSLService.<init>(SSLService.java:103) ~[?:?]
 at org.elasticsearch.xpack.core.XPackPlugin.<init>(XPackPlugin.java:144) ~[?:?]
 at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
 at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]
 at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
 at java.lang.reflect.Constructor.newInstance(Constructor.java:423) ~[?:1.8.0_201]
 at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:605) ~[elasticsearch-6.7.0.jar:6.7.0]
 ... 15 more
Caused by: java.nio.file.AccessDeniedException: /etc/elasticsearch/config/certs/elastic-certificates.p12
 at sun.nio.fs.UnixException.translateToIOException(UnixException.java:84) ~[?:?]
 at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102) ~[?:?]
 at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107) ~[?:?]
 at sun.nio.fs.UnixFileSystemProvider.newByteChannel(UnixFileSystemProvider.java:214) ~[?:?]
 at java.nio.file.Files.newByteChannel(Files.java:361) ~[?:1.8.0_201]
 at java.nio.file.Files.newByteChannel(Files.java:407) ~[?:1.8.0_201]
 at java.nio.file.spi.FileSystemProvider.newInputStream(FileSystemProvider.java:384) ~[?:1.8.0_201]
 at java.nio.file.Files.newInputStream(Files.java:152) ~[?:1.8.0_201]
 at org.elasticsearch.xpack.core.ssl.TrustConfig.getStore(TrustConfig.java:87) ~[?:?]
 at org.elasticsearch.xpack.core.ssl.StoreTrustConfig.createTrustManager(StoreTrustConfig.java:58) ~[?:?]
 at org.elasticsearch.xpack.core.ssl.SSLService.createSslContext(SSLService.java:394) ~[?:?]
 at java.util.HashMap.computeIfAbsent(HashMap.java:1127) ~[?:1.8.0_201]
 at org.elasticsearch.xpack.core.ssl.SSLService.lambda$loadSSLConfigurations$4(SSLService.java:448) ~[?:?]
 at java.util.HashMap.forEach(HashMap.java:1289) ~[?:1.8.0_201]
 at org.elasticsearch.xpack.core.ssl.SSLService.loadSSLConfigurations(SSLService.java:436) ~[?:?]
 at org.elasticsearch.xpack.core.ssl.SSLService.<init>(SSLService.java:103) ~[?:?]
 at org.elasticsearch.xpack.core.XPackPlugin.<init>(XPackPlugin.java:144) ~[?:?]
 at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
 at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]
 at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
 at java.lang.reflect.Constructor.newInstance(Constructor.java:423) ~[?:1.8.0_201]
 at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:605) ~[elasticsearch-6.7.0.jar:6.7.0]
 ... 15 more
10

After troubleshooting, I needed to set the chown for the certs/elastic-certificates.pk12 to
the elasticsearch user and then the folder certs was in. I then chmod the folder to 770 but may change the security on that folder in the near future.

11

back to another error that I came across, resetting built-in user elastic passwd using ./bin/elasticsearch-setup-passwords interactive and receive this error

  SSL connection to https://127.0.0.1:9200/_xpack/security/_authenticate?pretty failed: 
  Unrecognized SSL message, plaintext connection?
  Please check the elasticsearch SSL settings under xpack.security.http.ssl

Another side note, is the transport.ssl required for changing the built-in user elastic password?

12

This suggests that your cluster (or, whatever is listening on port 9200) isn't running SSL, but your elasticsearch.yml claims it should be.

My best guess is that you've set xpack.security.http.ssl.enabled: true in your yml config, but haven't restarted the node.

No.

13

Thank you for replying, I had disable http.ssl and enable transport.ssl. Enable xpack.security.enable: yes and license to trial and reset the password for elastic user.

Another question would be how would you authenticate user to elasticsearch using elastic user?
Is the authentication set to authenticate:base64 (user:password) or is it standard -k -u elastic: passwd?
If it's the last one, what are the security measure to prevent from api sniffing for username and password in plain text?

Thank you for your time

14

So I instead used postman for header authorization.

another question is that I'm testing on GCE and was wondering how I could assign an external ip for testing purposes for development? Would I need to install gcp plugin or could I assign ip address of vm instance?

15

Are you talking about how to add basic authentication credentials to curl ? Then yes both options are valid.

what are the security measure to prevent from api sniffing

TLS

If it's the last one,

Please note that the Base64 encoding of the credentials that is used for the Authorization header is not to be considered as a secure way to send this over an insecure medium. The value can of course be decoded by someone sniffing.

16

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.