For encryption i followed each and every step. I added the lines into .yml file as show in https://www.elastic.co/guide/en/shield/current/_configure_the_keystores_and_enable_ssl.html
after adding.. im unable to start elasticsearch?
please help me?
Hi,
You will need to provide us with more information in order to help you. What happens when you start elasticsearch? what is in your elasticsearch.yml? any exceptions in the log?
-Jay
I added these lines in .yml file.
shield.ssl.keystore.path: /home/es/config/node01.jks
shield.ssl.keystore.password: myPass
shield.ssl.truststore.path: /home/es/config/truststore.jks
shield.ssl.truststore.password: myPass
shield.transport.ssl: true
shield.http.ssl: true
discovery.zen.ping.multicast.enabled: false
discovery.zen.ping.unicast.hosts: ["node01:9300", "node02:9301"]
After adding these to .yml file... elasticsearch service is not starting. Its not showing any error. But, its not starting. ?
Are you starting via a init/service script or using "bin/elasticsearch"? Are the keystore and truststore files readable permission wise by the user running elasticsearch?
Nothing is being written in the logs when starting up? If not, the best way to try to figure out what is wrong is to comment out the configuration changes. I'd recommend first commenting out the newly added settings except for the discovery ones. Start elasticsearch and verify it is working. Then try adding in the shield.ssl.keystore settings. Verify that works and keep going.
I commented everything except discovery... now its working fine.
If i add those shield lines...its not starting.. why this is happening... ?
please help me..
Thanks in advance...
Can you provide answers to all of these questions:
- Anything in your log files?
- Did you check the file permissions?
- Are the passwords/locations correct?
Hey now its working... if im commenting out this line
shield.http.ssl: true
If im enabling it also..elasticsearch is started... but, if im accessing localhost:9200 ... im not getting the response.
Did you add https to the URL? So https://localhost:9200. Your browser may give certificate warnings
Now im getting issue regarding kibana...
I pointed elasticsearch url to https://localhost:9200 in kibana.yml ...
Now kibana is not starting.??
It showing me some errors like:
"No living connections","node_env":"production"
Unable to connect to elasticsearch at https://localhost:9200. Retrying in 2.5 seconds.","node_env":"production"
"error","node_env":"production","error":"Request error, retrying -- DEPTH_ZERO_SELF_SIGNED_CERT"}Did you configure Kibana for SSL, specifically the ca parameter? https://www.elastic.co/guide/en/kibana/current/production.html#enabling-ssl
yes i have given ... eventhough im not able to start...
Its giving me main error
"error","node_env":"production","error":"Request error, retrying -- DEPTH_ZERO_SELF_SIGNED_CERT"}Is the issuer of your certificate the same as the subject?
Sry i didnt get you Jaymode...
The certificate that you've created for your elasticsearch instance, has two fields an issuer and a owner. The issuer is the CA that has signed the certificate and the owner/subject the entity that the certificate represents.
Executing keytool -list -v -keystore node01.jks should provide this information. My example shows the following:
Alias name: node01
Creation date: Jun 3, 2015
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=Test Node
Issuer: C=NL, ST=Amsterdam, L=Amsterdam, EMAILADDRESS=cacerttest@YOUR.COMPANY.TLD, O=Elasticsearch Test Org
My question to you is whether you have the same owner and issuer in your certificate?