@AKCG12 I’ve forgotten that you’re using Windows. I think there is a Windows version of the openssl tool. The sgtlsdiag.bat is enough too.
According to your sgtlsdiag.bat output, the node2.pem has no certificate path, which means that it is self-signed and is not signed by the root CA HAL-CA.cer.
At this point, you should contact your team that signed your cert and verify the signing process with them.
I got the node cert signed by the root certs, but my root cert is like root.ca → root1.ca. There is a trust between the root1.ca and the node cert.
In this case, what should I input in my elasticsearch.yml file? Is there an option to have two certs inputted in the yml file?
@AKCG12 Yes, you can have two certificates, but in this case, I’d suggest replacing HAL-CA.cer with that Root certificate. That change must be made in all Elasticsearch nodes in the cluster.
@AKCG12 Have you tried to use just the correct one? Try to get the Elasticsearch cluster up and running and then test multiple root CA certificates.
To configure multiple root CAs, you’ll have to place them both in one file. Just copy and paste the content of both certificates.
However, for testing purposes, I strongly suggest using a single root CA that has trust with the node certificate and testing the cluster functionality.
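The following added example (not from the thread or from Search Guard) performs the "both certificates in one file" step from the reply above and catches the usual copy-paste mistakes: CRLF line endings, a missing newline between blocks, a certificate pasted twice, and a private key included by accident. The function names and the sample byte strings are constructed for illustration; the code checks file structure only and does not verify signatures or trust.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)


def build_ca_bundle(pem_texts):
    """Merge PEM inputs into one CA bundle; return (bundle_text, sha256_fingerprints)."""
    seen, blocks = [], []
    for text in pem_texts:
        for label, body in PEM_BLOCK.findall(text):
            if "PRIVATE KEY" in label:
                raise ValueError("private key found: a trusted-CA file holds certificates only")
            if label != "CERTIFICATE":
                continue  # ignore CSRs, CRLs and other block types
            # split() drops CR/LF and stray spaces left by copy and paste
            der = base64.b64decode("".join(body.split()), validate=True)
            if not der.startswith(b"\x30"):
                raise ValueError("certificate block does not start with a DER SEQUENCE")
            fingerprint = hashlib.sha256(der).hexdigest()
            if fingerprint in seen:
                continue  # same certificate pasted twice
            seen.append(fingerprint)
            b64 = base64.b64encode(der).decode("ascii")
            lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
            blocks.append("\n".join(
                ["-----BEGIN CERTIFICATE-----", *lines, "-----END CERTIFICATE-----"]))
    if not blocks:
        raise ValueError("no certificate found in the input")
    return "\n".join(blocks) + "\n", seen


def pem_armor(label, der, eol="\n"):
    """Wrap raw bytes in PEM armor (helper for the constructed samples below)."""
    return eol.join([f"-----BEGIN {label}-----",
                     base64.b64encode(der).decode("ascii"), f"-----END {label}-----"])


# Constructed sample input: tiny DER stand-ins, not real certificates.
ROOT = pem_armor("CERTIFICATE", b"\x30\x03\x02\x01\x01", eol="\r\n")  # Windows line endings
ROOT1 = pem_armor("CERTIFICATE", b"\x30\x03\x02\x01\x02")

if __name__ == "__main__":
    # ROOT and ROOT1 glued together with no newline between them, then ROOT again.
    bundle, fingerprints = build_ca_bundle([ROOT + ROOT1, ROOT])
    print(bundle, end="")
    print(len(fingerprints), "unique certificates")
```

The same bundle file has to be deployed to every node in the cluster, as the reply above notes for the root certificate.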
I tried running the ELK; it is trying to form the cluster. It says Node3 not initialized… need to run the sgadmin tool.
When I run the sgadmin tool, this is the error I am getting.
I have a 3-node cluster and the admin certificate I generated is node4, which is a Kibana server, while I am running the sgadmin command from one of the 3 nodes of ELK.
Hope I am doing it correctly… This is my command to run the sgadmin.bat
I was able to resolve the PEM key error, with the wrong password. Now I don’t get the transport layer SSL issues. While I run the sgadmin command, I get the following errors. Do I need to run the sgadmin command on every node (3 nodes)? And I am getting a lot of JVM crashes happening… when I start the cluster and when sgadmin is initializing the sgadmin index.
@amalk12 These are not JVM crash errors but only warnings. The SG plugin is not initialized yet and you need to run sgadmin.sh to create searchguard index and add plugin configuration.
I assume you’ve used the below command to initialize SG plugin.
Every time I try to start the cluster, the node runs for some time and then the high heap memory usage error comes up and the node crashes and is shut down. I am not sure why this high Java heap usage is coming up while the cluster is getting formed.
Hi Pablo,
Is my cluster getting formed… I am not sure about that. I do get node2 not initialized or node3 not initialized. Can you please throw some light on this issue?
Hi Pablo,
I am able to get the cluster formed and I am able to initialize the index using the sgadmin.bat command. I have installed the Kibana plugin also.
It looks like data is not flowing in from the ELK servers to Kibana. I do have Logstash also.
So are there any config changes that need to be done in Kibana and Logstash after Search Guard is initialized in the ELK cluster?
@amalk12 There is no data flow between Elasticsearch and Kibana. Data are stored in the Elasticsearch indices and Kibana only accesses them through APIs.
If you can’t see data in the logstash indices I suggest reviewing your logstash config and following this documentation.