java.lang.IllegalArgumentException: script file extension not supported [jks]

Search Guard
1

I have been following the ssl quickstart guide using the example-pki-scripts to generate keystores and truststores.

When running elasticsearch, I am getting the following exceptions. I included the content of the config directory and the elasticsearch.yml below. Any ideas what I am doing wrong?

[2017-02-16 21:28:08,413][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslHTTPProvider:null with ciphers

[2017-02-16 21:28:08,413][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslTransport protocols [TLSv1.2, TLSv1.1]

[2017-02-16 21:28:08,413][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslHTTP protocols [TLSv1.2, TLSv1.1]

[2017-02-16 21:28:08,820][INFO ][com.floragunn.searchguard.configuration.ConfigurationModule] FLS/DLS valve not bound (noop)

[2017-02-16 21:28:08,822][INFO ][com.floragunn.searchguard.auditlog.AuditLogModule] Auditlog not available

[2017-02-16 21:28:09,087][INFO ][transport ] [Captain America] Using [com.floragunn.searchguard.transport.SearchGuardTransportService] as transport service, overridden by [search-guard2]

[2017-02-16 21:28:09,087][INFO ][transport ] [Captain America] Using [com.floragunn.searchguard.ssl.transport.SearchGuardSSLNettyTransport] as transport, overridden by [search-guard-ssl]

[2017-02-16 21:28:11,975][WARN ][watcher ] cannot notify file changes listener

java.lang.IllegalArgumentException: script file extension not supported [jks]

at org.elasticsearch.script.ScriptService.getScriptEngineServiceForFileExt(ScriptService.java:220)

at org.elasticsearch.script.ScriptService.access$1300(ScriptService.java:82)

at org.elasticsearch.script.ScriptService$ScriptChangesListener.onFileInit(ScriptService.java:531)

at org.elasticsearch.watcher.FileWatcher$FileObserver.onFileCreated(FileWatcher.java:256)

at org.elasticsearch.watcher.FileWatcher$FileObserver.init(FileWatcher.java:166)

at org.elasticsearch.watcher.FileWatcher$FileObserver.createChild(FileWatcher.java:173)

at org.elasticsearch.watcher.FileWatcher$FileObserver.listChildren(FileWatcher.java:188)

Config directory content:

-rw-rw-r–. 1 4481 Feb 16 21:19 elasticsearch.yml

-rw-rw-r–. 1 5321 Feb 16 20:00 kirk.crt.pem

-rw-rw-r–. 1 2571 Aug 23 16:46 logging.yml

-rw-rw-r–. 1 4493 Feb 16 19:52 node-0-keystore.jks

drwxrwxr-x. 2 80 Feb 16 19:27 scripts

-rw-rw-r–. 1 1096 Feb 16 19:28 truststore.jks

elasticsearch.yml content:

searchguard.ssl.transport.keystore_filepath: node-0-keystore.jks

searchguard.ssl.transport.keystore_password: changeit

searchguard.ssl.transport.truststore_filepath: truststore.jks

searchguard.ssl.transport.truststore_password: changeit

searchguard.ssl.transport.enforce_hostname_verification: false

2

what is in your “scripts” folder?

···

On Thursday, 16 February 2017 22:31:55 UTC+1, Eliran Boraks wrote:

I have been following the ssl quickstart guide using the example-pki-scripts to generate keystores and truststores.

When running elasticsearch, I am getting the following exceptions. I included the content of the config directory and the elasticsearch.yml below. Any ideas what I am doing wrong?

[2017-02-16 21:28:08,413][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslHTTPProvider:null with ciphers

[2017-02-16 21:28:08,413][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslTransport protocols [TLSv1.2, TLSv1.1]

[2017-02-16 21:28:08,413][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslHTTP protocols [TLSv1.2, TLSv1.1]

[2017-02-16 21:28:08,820][INFO ][com.floragunn.searchguard.configuration.ConfigurationModule] FLS/DLS valve not bound (noop)

[2017-02-16 21:28:08,822][INFO ][com.floragunn.searchguard.auditlog.AuditLogModule] Auditlog not available

[2017-02-16 21:28:09,087][INFO ][transport ] [Captain America] Using [com.floragunn.searchguard.transport.SearchGuardTransportService] as transport service, overridden by [search-guard2]

[2017-02-16 21:28:09,087][INFO ][transport ] [Captain America] Using [com.floragunn.searchguard.ssl.transport.SearchGuardSSLNettyTransport] as transport, overridden by [search-guard-ssl]

[2017-02-16 21:28:11,975][WARN ][watcher ] cannot notify file changes listener

java.lang.IllegalArgumentException: script file extension not supported [jks]

at org.elasticsearch.script.ScriptService.getScriptEngineServiceForFileExt(ScriptService.java:220)

at org.elasticsearch.script.ScriptService.access$1300(ScriptService.java:82)

at org.elasticsearch.script.ScriptService$ScriptChangesListener.onFileInit(ScriptService.java:531)

at org.elasticsearch.watcher.FileWatcher$FileObserver.onFileCreated(FileWatcher.java:256)

at org.elasticsearch.watcher.FileWatcher$FileObserver.init(FileWatcher.java:166)

at org.elasticsearch.watcher.FileWatcher$FileObserver.createChild(FileWatcher.java:173)

at org.elasticsearch.watcher.FileWatcher$FileObserver.listChildren(FileWatcher.java:188)

Config directory content:

-rw-rw-r–. 1 4481 Feb 16 21:19 elasticsearch.yml

-rw-rw-r–. 1 5321 Feb 16 20:00 kirk.crt.pem

-rw-rw-r–. 1 2571 Aug 23 16:46 logging.yml

-rw-rw-r–. 1 4493 Feb 16 19:52 node-0-keystore.jks

drwxrwxr-x. 2 80 Feb 16 19:27 scripts

-rw-rw-r–. 1 1096 Feb 16 19:28 truststore.jks

elasticsearch.yml content:

searchguard.ssl.transport.keystore_filepath: node-0-keystore.jks

searchguard.ssl.transport.keystore_password: changeit

searchguard.ssl.transport.truststore_filepath: truststore.jks

searchguard.ssl.transport.truststore_password: changeit

searchguard.ssl.transport.enforce_hostname_verification: false

3

The ‘scripts’ folder had old cert that I replaced. I remove it and now it’s working thank you.

Eliran

···

On Fri, Feb 17, 2017 at 2:24 AM, Search Guard info@search-guard.com wrote:

what is in your “scripts” folder?

On Thursday, 16 February 2017 22:31:55 UTC+1, Eliran Boraks wrote:

I have been following the ssl quickstart guide using the example-pki-scripts to generate keystores and truststores.

When running elasticsearch, I am getting the following exceptions. I included the content of the config directory and the elasticsearch.yml below. Any ideas what I am doing wrong?

[2017-02-16 21:28:08,413][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslHTTPProvider:null with ciphers

[2017-02-16 21:28:08,413][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslTransport protocols [TLSv1.2, TLSv1.1]

[2017-02-16 21:28:08,413][INFO ][com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore] sslHTTP protocols [TLSv1.2, TLSv1.1]

[2017-02-16 21:28:08,820][INFO ][com.floragunn.searchguard.configuration.ConfigurationModule] FLS/DLS valve not bound (noop)

[2017-02-16 21:28:08,822][INFO ][com.floragunn.searchguard.auditlog.AuditLogModule] Auditlog not available

[2017-02-16 21:28:09,087][INFO ][transport ] [Captain America] Using [com.floragunn.searchguard.transport.SearchGuardTransportService] as transport service, overridden by [search-guard2]

[2017-02-16 21:28:09,087][INFO ][transport ] [Captain America] Using [com.floragunn.searchguard.ssl.transport.SearchGuardSSLNettyTransport] as transport, overridden by [search-guard-ssl]

[2017-02-16 21:28:11,975][WARN ][watcher ] cannot notify file changes listener

java.lang.IllegalArgumentException: script file extension not supported [jks]

at org.elasticsearch.script.ScriptService.getScriptEngineServiceForFileExt(ScriptService.java:220)

at org.elasticsearch.script.ScriptService.access$1300(ScriptService.java:82)

at org.elasticsearch.script.ScriptService$ScriptChangesListener.onFileInit(ScriptService.java:531)

at org.elasticsearch.watcher.FileWatcher$FileObserver.onFileCreated(FileWatcher.java:256)

at org.elasticsearch.watcher.FileWatcher$FileObserver.init(FileWatcher.java:166)

at org.elasticsearch.watcher.FileWatcher$FileObserver.createChild(FileWatcher.java:173)

at org.elasticsearch.watcher.FileWatcher$FileObserver.listChildren(FileWatcher.java:188)

Config directory content:

-rw-rw-r–. 1 4481 Feb 16 21:19 elasticsearch.yml

-rw-rw-r–. 1 5321 Feb 16 20:00 kirk.crt.pem

-rw-rw-r–. 1 2571 Aug 23 16:46 logging.yml

-rw-rw-r–. 1 4493 Feb 16 19:52 node-0-keystore.jks

drwxrwxr-x. 2 80 Feb 16 19:27 scripts

-rw-rw-r–. 1 1096 Feb 16 19:28 truststore.jks

elasticsearch.yml content:

searchguard.ssl.transport.keystore_filepath: node-0-keystore.jks

searchguard.ssl.transport.keystore_password: changeit

searchguard.ssl.transport.truststore_filepath: truststore.jks

searchguard.ssl.transport.truststore_password: changeit

searchguard.ssl.transport.enforce_hostname_verification: false

You received this message because you are subscribed to a topic in the Google Groups “Search Guard” group.

To unsubscribe from this topic, visit https://groups.google.com/d/topic/search-guard/GH3WZiLXz4Y/unsubscribe.

To unsubscribe from this group and all its topics, send an email to search-guard+unsubscribe@googlegroups.com.

To post to this group, send email to search-guard@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/36b7f22e-54f7-4b17-af4a-f34d6436b015%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

Keep in touch

Twitter
LinkedIn

Facebook