I have installed Search Guard version 5.6.4-18 plugin to my Elasticsearch cluster (Version 5.6.4). Search Guard was working fine when I generated the self signed certificates using the TLS Certificate Generator, but now we got the valid certificates from third party entrust and they provided three files which has,
JAVA version “1.8.0_151”
VERSION=“16.04.3 LTS (Xenial Xerus)”
I have configured the pem files in elasticsearch.yml as like below,
Configuring TLS on each node
The valid certificates CN has wildcard based type and it wil be like this *.servicenow.com
After the above configuration changes made in elasticsearch.yml, I tried starting the elasticsearch but however I am getting the below exception in ES logs,
2018-02-08T13:54:43,754][ERROR][c.f.s.s.DefaultSearchGuardKeyStore] Your keystore or PEM does not contain a key. If you sepcified a key password try removing it. If you not sepcified a key password maybe you one because the key is password protected. Maybe you just confused keys and certificates.
[2018-02-08T13:54:43,828][ERROR][o.e.b.Bootstrap ] Exception
org.elasticsearch.ElasticsearchException: Failed to load plugin class [com.floragunn.searchguard.SearchGuardPlugin]
at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:438) ~[elasticsearch-5.6.4.jar:5.6.4]
Please find the attached complete ES logs & Elasticsearch.yml and kindly share your thoughts. Please correct me if I am doing anything wrong in the setup and it would be very helpful.
Elasticsearch1.yml (3.81 KB)
es_logs.txt (22.9 KB)