After completing "Getting started with the Elastic Stack" and "Securing the Elastic Stack" tutorials, I'm trying to complete "Encrypting Communications". After CA and certificate creation, Keystore and Truststore passwords addittion, and elasticsearch.yml configuration, ES is unable to start. I'm getting the "keystore password was incorrect" error in the service log.
I've already read these posts, but can't find a solution :
Deleted CA and certificate files and created again tu ensure password correctness.
Overwriten elasticsearch-keystore and added keystore and truststore passwords to ensure correctness.
elasticsearch.yml edition to ensure parameters correctness.
Installation properties:
Ubuntu 19.04 virtual machine
DEB package installation mode
Kibana, Metricbeat, and Logstash installed with authentication enabled
The Service log:
Caused by: java.io.IOException: keystore password was incorrect
at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2117) ~[?:?]
at sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:222) ~[?:?]
at java.security.KeyStore.load(KeyStore.java:1472) ~[?:?]
at org.elasticsearch.xpack.core.ssl.TrustConfig.getStore(TrustConfig.java:89) ~[?:?]
at org.elasticsearch.xpack.core.ssl.StoreKeyConfig.createTrustManager(StoreKeyConfig.java:83) ~[?:?]
at
The configuration file:
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
cluster.name: test-cluster
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
node.name: node-1
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /var/lib/elasticsearch
#
# Path to log files:
#
path.logs: /var/log/elasticsearch
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
#network.host: 192.168.0.1
#
# Set a custom port for HTTP:
#
#http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
#discovery.seed_hosts: ["host1", "host2"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
cluster.initial_master_nodes: ["node-1"]
#
#discovery.type: single-node
# ---------------------------------- Gateway -----------------------------------
#
# Block initial recovery after a full cluster restart until N nodes are started:
#
#gateway.recover_after_nodes: 3
#
# For more information, consult the gateway module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
#action.destructive_requires_name: true
#
# ---------------------------------- Security ----------------------------------
#
#
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/certs/node-1.p12
xpack.security.transport.ssl.keystore.truststore.path: /etc/elasticsearch/certs/node-1.p12
Thanks for your reply. I´m going to answer yor questions one by one:
This was corrected, tryed to start ES again, but got the same behaviour:
This is what I did to overwrite de Keystore: ./bin/elasticsearch-keystore create
The output you requested:
root@gian-sandbox-vm:/home/gian# /usr/share/elasticsearch/bin/elasticsearch-keystore list
keystore.seed
xpack.security.ssl.keystore.secure_password
xpack.security.ssl.truststore.secure_password
root@gian-sandbox-vm:/home/gian#
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.