Keystore was tampered with, or password was incorrect when running sgadmin

Alan · August 5, 2016, 1:58pm

Hi,

I am getting this error when running ‘sgadmin.sh’:

searchguard.authcz.admin_dn:

cn=admin,ou=Test,ou=ou,dc=company,dc=com
cn=smith,ou=IT,ou=IT,dc=company,dc=com

./sgadmin.sh -cd …/sgconfig/ -ks …/sgconfig/admin-keystore.jks -ts …/sgconfig/truststore.jks -nhnv

ERR: An unexpected ElasticsearchSecurityException occured: Error while initializing transport SSL layer: java.io.IOException: Keystore was tampered with, or password was incorrect

Trace:

ElasticsearchSecurityException[Error while initializing transport SSL layer: java.io.IOException: Keystore was tampered with, or password was incorrect]; nested: IOException[Keystore was tampered with, or password was incorrect]; nested: UnrecoverableKeyException[Password verification failed];

at com.floragunn.searchguard.ssl.SearchGuardKeyStore.initSSLConfig(SearchGuardKeyStore.java:262)

at com.floragunn.searchguard.ssl.SearchGuardKeyStore.<init>(SearchGuardKeyStore.java:139)

at com.floragunn.searchguard.ssl.SearchGuardSSLModule.<init>(SearchGuardSSLModule.java:29)

at com.floragunn.searchguard.ssl.SearchGuardSSLPlugin.nodeModules(SearchGuardSSLPlugin.java:128)

at org.elasticsearch.plugins.PluginsService.nodeModules(PluginsService.java:263)

at org.elasticsearch.client.transport.TransportClient$Builder.build(TransportClient.java:139)

at com.floragunn.searchguard.tools.SearchGuardAdmin.main0(SearchGuardAdmin.java:245)

at com.floragunn.searchguard.tools.SearchGuardAdmin.main(SearchGuardAdmin.java:72)

Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect

at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:780)

at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56)

at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)

at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70)

at java.security.KeyStore.load(KeyStore.java:1445)

at com.floragunn.searchguard.ssl.SearchGuardKeyStore.initSSLConfig(SearchGuardKeyStore.java:208)

... 7 more

Caused by: java.security.UnrecoverableKeyException: Password verification failed

at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:778)

... 12 more

can somebody tell me what are the following:

cn
ou
ou
dc
dc

Many thanks

B

searchguard_google_group · August 17, 2016, 8:54pm

The error message is quite clear:

Caused by: java.security.UnrecoverableKeyException: Password verification failed

You did not provide the passwords for the key- and truststore. Pls. use these command line options to set them:

   -kspass <password for keystore> -tspass <password for truststore>

The cn, ou etc. are the name parts of the DN (distinguished name) of your TLS certificate. You define them when generating the cert.

···

On Friday, 5 August 2016 15:58:22 UTC+2, Alan wrote:

Hi,

I am getting this error when running ‘sgadmin.sh’:

searchguard.authcz.admin_dn:

cn=admin,ou=Test,ou=ou,dc=company,dc=com

cn=smith,ou=IT,ou=IT,dc=company,dc=com

./sgadmin.sh -cd …/sgconfig/ -ks …/sgconfig/admin-keystore.jks -ts …/sgconfig/truststore.jks -nhnv

ERR: An unexpected ElasticsearchSecurityException occured: Error while initializing transport SSL layer: java.io.IOException: Keystore was tampered with, or password was incorrect

Trace:

ElasticsearchSecurityException[Error while initializing transport SSL layer: java.io.IOException: Keystore was tampered with, or password was incorrect]; nested: IOException[Keystore was tampered with, or password was incorrect]; nested: UnrecoverableKeyException[Password verification failed];

at com.floragunn.searchguard.ssl.SearchGuardKeyStore.initSSLConfig(SearchGuardKeyStore.java:262)

at com.floragunn.searchguard.ssl.SearchGuardKeyStore.(SearchGuardKeyStore.java:139)

at com.floragunn.searchguard.ssl.SearchGuardSSLModule.(SearchGuardSSLModule.java:29)

at com.floragunn.searchguard.ssl.SearchGuardSSLPlugin.nodeModules(SearchGuardSSLPlugin.java:128)

at org.elasticsearch.plugins.PluginsService.nodeModules(PluginsService.java:263)

at org.elasticsearch.client.transport.TransportClient$Builder.build(TransportClient.java:139)

at com.floragunn.searchguard.tools.SearchGuardAdmin.main0(SearchGuardAdmin.java:245)

at com.floragunn.searchguard.tools.SearchGuardAdmin.main(SearchGuardAdmin.java:72)

Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect

at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:780)

at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56)

at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)

at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70)

at java.security.KeyStore.load(KeyStore.java:1445)

at com.floragunn.searchguard.ssl.SearchGuardKeyStore.initSSLConfig(SearchGuardKeyStore.java:208)

… 7 more

Caused by: java.security.UnrecoverableKeyException: Password verification failed

at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:778)

… 12 more

can somebody tell me what are the following:

cn

ou

dc

Many thanks

B

Topic		Replies	Views
sgadmin fails please solve this issue Search Guard	2	384	November 1, 2017
ElasticsearchSecurityException on running sgadmin.sh. Search Guard	0	412	September 25, 2017
tools/sgadmin.sh - Error "no valid cipher suites for transport protocol" Search Guard	5	531	February 20, 2017
sgadmin Run Search Guard	2	373	June 23, 2018
Unable to execute sgadmin.sh Search Guard	6	1771	May 9, 2019

Keystore was tampered with, or password was incorrect when running sgadmin

Related Topics