X-pack failed to initialize a TrustManagerFactory

Karolinebryn · November 22, 2016, 11:18am

I have set up Elasticsearch, Kibana and X-pack according to installation guidelines and made sure that it worked as expected.
Now I want to send a Kibana report using Watchers in X-Pack. I have followed this tutorial to setup secure reporting, but after adding the watcher truststore to elasticsarch.yml I get this error message when I try to start elastic:

>elasticsearch-5.0.1\bin>elasticsearch
[2016-11-22T11:03:49,406][INFO ][o.e.n.Node               ] [] initializing ...
[2016-11-22T11:03:49,477][INFO ][o.e.e.NodeEnvironment    ] [CBeNcdh] using [1] data paths, mounts [[OS (c:)]], net usable_space [72.2gb], net total_space [223.5gb], spins? [unknown], types [NTFS]
[2016-11-22T11:03:49,481][INFO ][o.e.e.NodeEnvironment    ] [CBeNcdh] heap size [1.9gb], compressed ordinary object pointers [true]
[2016-11-22T11:03:49,653][INFO ][o.e.n.Node               ] [CBeNcdh] node name [CBeNcdh] derived from node ID; set [node.name] to override
[2016-11-22T11:03:49,658][INFO ][o.e.n.Node               ] [CBeNcdh] version[5.0.1], pid[1472], build[080bb47/2016-11-11T22:08:49.812Z], OS[Windows 10/10.0/amd64], JVM[Oracle Corporation/Java HotSpot(TM) 64-Bit Server VM/1.8.0_111/25.111-b14]
[2016-11-22T11:03:50,997][WARN ][o.e.b.ElasticsearchUncaughtExceptionHandler] [] uncaught exception in thread [main]
org.elasticsearch.bootstrap.StartupException: ElasticsearchException[Failed to load plugin class [org.elasticsearch.xpack.XPackPlugin]]; nested: InvocationTargetException; nested: ElasticsearchException[failed to initialize a TrustManagerFactory]; nested: AccessControlException[access denied ("java.io.FilePermission" "C:\tmp\watcher-truststore.jks" "read")];

I'm running cmd as administrator and the truststore file have the permissions needed for elastic to read it. I do not understand why this error is happening, can anyone please help me?

This is the options added to my elasticsearch.yml file:

xpack.security.http.ssl.truststore.path: C:\tmp\watcher-truststore.jks
xpack.security.http.ssl.truststore.password: <truststorepw>

And my kibana.yml file:

server.ssl.key: C:\tmp\kibana.local.key
server.ssl.cert: C:\tmp\kibana.local.crt

xpack.security.encryptionKey: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"

If I remove the truststore settings from elasticsearch.yml, I can start both elastic and kibana and kibana is running on https.

jaymode · November 22, 2016, 11:44am

Elasticsearch runs under a security manager with a restricted set of directories that can be read. The key files and certificates should be stored in the config directory and could be placed in a sub directory there if desired

Karolinebryn · November 22, 2016, 12:56pm

I was not aware of this! This solved my problem

system · December 20, 2016, 12:56pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.