i also facing the similar error.
···
On Thursday, June 15, 2017 at 4:10:55 AM UTC+5:30, Umair Hassan wrote:
Hi,
I have the same issue. I have my own-created certs, keystore and truststore. Keytool shows the alias from the keystore but the elasticsearch complains that it could not find the alias i mentioned. Here are my configs:
elasticsearch.yml
######## Start Search Guard Demo Configuration ########
searchguard.ssl.transport.keystore_filepath: keystore.jks
searchguard.ssl.transport.truststore_filepath: truststore.jks
searchguard.ssl.transport.truststore_alias: root-ca
searchguard.ssl.transport.keystore_alias: elastic
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.http.enabled: true
searchguard.ssl.http.keystore_filepath: keystore.jks
searchguard.ssl.http.keystore_alias: elastic
searchguard.ssl.http.truststore_alias: root-ca
searchguard.ssl.http.truststore_filepath: truststore.jks
searchguard.authcz.admin_dn:
- CN=marry,OU=Openstack,O=Cloud9 Networks FZE,L=DSO, C=AE
cluster.name: ES_demo
network.host: 0.0.0.0
######## End Search Guard Demo Configuration ########
[root@util tools]# keytool -list -v -keystore /etc/elasticsearch/keystore.jks -alias elastic
Enter keystore password:
Alias name: elastic
Creation date: Jun 14, 2017
Entry type: trustedCertEntry
Owner: EMAILADDRESS=a...@domain.com, CN=abc, OU=unit, O=org, L=cqg, ST=a, C=s
Issuer: ***************************************
Serial number: 1001
Valid from: Wed Jun 14 16:00:19 EDT 2017 until: Sun May 13 16:00:19 EDT 2018
Certificate fingerprints:
Extensions:
#1: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
#2: ObjectId: 2.5.29.35 Criticality=false
#3: ObjectId: 2.5.29.19 Criticality=false
#4: ObjectId: 2.5.29.37 Criticality=false
#5: ObjectId: 2.5.29.15 Criticality=true
#6: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
#7: ObjectId: 2.5.29.14 Criticality=false
[2017-06-14T18:26:33,166][ERROR][c.f.s.s.u.SSLCertificateHelper] Alias elastic does not exists or contain hold a certificate chain
[2017-06-14T18:26:33,232][ERROR][o.e.b.Bootstrap ] Exception
org.elasticsearch.ElasticsearchException: Failed to load plugin class [com.floragunn.searchguard.SearchGuardPlugin]
at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:430) ~[elasticsearch-5.4.0.jar:5.4.0]
at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:383) ~[elasticsearch-5.4.0.jar:5.4.0]
at org.elasticsearch.plugins.PluginsService.(PluginsService.java:139) ~[elasticsearch-5.4.0.jar:5.4.0]
at org.elasticsearch.node.Node.(Node.java:309) ~[elasticsearch-5.4.0.jar:5.4.0]
at org.elasticsearch.node.Node.(Node.java:242) ~[elasticsearch-5.4.0.jar:5.4.0]
at org.elasticsearch.bootstrap.Bootstrap$6.(Bootstrap.java:242) ~[elasticsearch-5.4.0.jar:5.4.0]
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:242) ~[elasticsearch-5.4.0.jar:5.4.0]
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:360) [elasticsearch-5.4.0.jar:5.4.0]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:123) [elasticsearch-5.4.0.jar:5.4.0]
at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:114) [elasticsearch-5.4.0.jar:5.4.0]
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:67) [elasticsearch-5.4.0.jar:5.4.0]
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:122) [elasticsearch-5.4.0.jar:5.4.0]
at org.elasticsearch.cli.Command.main(Command.java:88) [elasticsearch-5.4.0.jar:5.4.0]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:91) [elasticsearch-5.4.0.jar:5.4.0]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:84) [elasticsearch-5.4.0.jar:5.4.0]
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
at java.lang.reflect.Constructor.newInstance(Constructor.java:423) ~[?:1.8.0_131]
at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:419) ~[elasticsearch-5.4.0.jar:5.4.0]
… 14 more
Caused by: org.elasticsearch.ElasticsearchSecurityException: Error while initializing transport SSL layer: java.security.KeyStoreException: no key alias named elastic
at com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.initSSLConfig(DefaultSearchGuardKeyStore.java:261) ~[?:?]
at com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.(DefaultSearchGuardKeyStore.java:150) ~[?:?]
at com.floragunn.searchguard.SearchGuardPlugin.(SearchGuardPlugin.java:205) ~[?:?]
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
at java.lang.reflect.Constructor.newInstance(Constructor.java:423) ~[?:1.8.0_131]
at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:419) ~[elasticsearch-5.4.0.jar:5.4.0]
… 14 more
Caused by: java.security.KeyStoreException: no key alias named elastic
at com.floragunn.searchguard.ssl.util.SSLCertificateHelper.exportDecryptedKey(SSLCertificateHelper.java:136) ~[?:?]
at com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.initSSLConfig(DefaultSearchGuardKeyStore.java:227) ~[?:?]
at com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.(DefaultSearchGuardKeyStore.java:150) ~[?:?]
at com.floragunn.searchguard.SearchGuardPlugin.(SearchGuardPlugin.java:205) ~[?:?]
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
at java.lang.reflect.Constructor.newInstance(Constructor.java:423) ~[?:1.8.0_131]
at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:419) ~[elasticsearch-5.4.0.jar:5.4.0]
… 14 more
[2017-06-14T18:26:33,241][WARN ][o.e.b.ElasticsearchUncaughtExceptionHandler] uncaught exception in thread [main]
org.elasticsearch.bootstrap.StartupException: ElasticsearchException[Failed to load plugin class [com.floragunn.searchguard.SearchGuardPlugin]]; nested: InvocationTargetException; nested: ElasticsearchSecurityException[Error while initializing transport SSL layer: java.security.KeyStoreException: no key alias named elastic]; nested: KeyStoreException[no key alias named elastic];
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:127) ~[elasticsearch-5.4.0.jar:5.4.0]
at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:114) ~[elasticsearch-5.4.0.jar:5.4.0]
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:67) ~[elasticsearch-5.4.0.jar:5.4.0]
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:122) ~[elasticsearch-5.4.0.jar:5.4.0]
at org.elasticsearch.cli.Command.main(Command.java:88) ~[elasticsearch-5.4.0.jar:5.4.0]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:91) ~[elasticsearch-5.4.0.jar:5.4.0]
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:84) ~[elasticsearch-5.4.0.jar:5.4.0]
Caused by: org.elasticsearch.ElasticsearchException: Failed to load plugin class [com.floragunn.searchguard.SearchGuardPlugin]
at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:430) ~[elasticsearch-5.4.0.jar:5.4.0]
at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:383) ~[elasticsearch-5.4.0.jar:5.4.0]
at org.elasticsearch.plugins.PluginsService.(PluginsService.java:139) ~[elasticsearch-5.4.0.jar:5.4.0]
at org.elasticsearch.node.Node.(Node.java:309) ~[elasticsearch-5.4.0.jar:5.4.0]
at org.elasticsearch.node.Node.(Node.java:242) ~[elasticsearch-5.4.0.jar:5.4.0]
at org.elasticsearch.bootstrap.Bootstrap$6.(Bootstrap.java:242) ~[elasticsearch-5.4.0.jar:5.4.0]
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:242) ~[elasticsearch-5.4.0.jar:5.4.0]
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:360) ~[elasticsearch-5.4.0.jar:5.4.0]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:123) ~[elasticsearch-5.4.0.jar:5.4.0]
… 6 more
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
at java.lang.reflect.Constructor.newInstance(Constructor.java:423) ~[?:1.8.0_131]
at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:419) ~[elasticsearch-5.4.0.jar:5.4.0]
at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:383) ~[elasticsearch-5.4.0.jar:5.4.0]
at org.elasticsearch.plugins.PluginsService.(PluginsService.java:139) ~[elasticsearch-5.4.0.jar:5.4.0]
at org.elasticsearch.node.Node.(Node.java:309) ~[elasticsearch-5.4.0.jar:5.4.0]
at org.elasticsearch.node.Node.(Node.java:242) ~[elasticsearch-5.4.0.jar:5.4.0]
at org.elasticsearch.bootstrap.Bootstrap$6.(Bootstrap.java:242) ~[elasticsearch-5.4.0.jar:5.4.0]
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:242) ~[elasticsearch-5.4.0.jar:5.4.0]
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:360) ~[elasticsearch-5.4.0.jar:5.4.0]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:123) ~[elasticsearch-5.4.0.jar:5.4.0]
… 6 more
Caused by: org.elasticsearch.ElasticsearchSecurityException: Error while initializing transport SSL layer: java.security.KeyStoreException: no key alias named elastic
at com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.initSSLConfig(DefaultSearchGuardKeyStore.java:261) ~[?:?]
at com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.(DefaultSearchGuardKeyStore.java:150) ~[?:?]
at com.floragunn.searchguard.SearchGuardPlugin.(SearchGuardPlugin.java:205) ~[?:?]
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
at java.lang.reflect.Constructor.newInstance(Constructor.java:423) ~[?:1.8.0_131]
at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:419) ~[elasticsearch-5.4.0.jar:5.4.0]
at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:383) ~[elasticsearch-5.4.0.jar:5.4.0]
at org.elasticsearch.plugins.PluginsService.(PluginsService.java:139) ~[elasticsearch-5.4.0.jar:5.4.0]
at org.elasticsearch.node.Node.(Node.java:309) ~[elasticsearch-5.4.0.jar:5.4.0]
at org.elasticsearch.node.Node.(Node.java:242) ~[elasticsearch-5.4.0.jar:5.4.0]
at org.elasticsearch.bootstrap.Bootstrap$6.(Bootstrap.java:242) ~[elasticsearch-5.4.0.jar:5.4.0]
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:242) ~[elasticsearch-5.4.0.jar:5.4.0]
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:360) ~[elasticsearch-5.4.0.jar:5.4.0]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:123) ~[elasticsearch-5.4.0.jar:5.4.0]
… 6 more
Caused by: java.security.KeyStoreException: no key alias named elastic
at com.floragunn.searchguard.ssl.util.SSLCertificateHelper.exportDecryptedKey(SSLCertificateHelper.java:136) ~[?:?]
at com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.initSSLConfig(DefaultSearchGuardKeyStore.java:227) ~[?:?]
at com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.(DefaultSearchGuardKeyStore.java:150) ~[?:?]
at com.floragunn.searchguard.SearchGuardPlugin.(SearchGuardPlugin.java:205) ~[?:?]
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) ~[?:?]
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) ~[?:?]
at java.lang.reflect.Constructor.newInstance(Constructor.java:423) ~[?:1.8.0_131]
at org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:419) ~[elasticsearch-5.4.0.jar:5.4.0]
at org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:383) ~[elasticsearch-5.4.0.jar:5.4.0]
at org.elasticsearch.plugins.PluginsService.(PluginsService.java:139) ~[elasticsearch-5.4.0.jar:5.4.0]
at org.elasticsearch.node.Node.(Node.java:309) ~[elasticsearch-5.4.0.jar:5.4.0]
at org.elasticsearch.node.Node.(Node.java:242) ~[elasticsearch-5.4.0.jar:5.4.0]
at org.elasticsearch.bootstrap.Bootstrap$6.(Bootstrap.java:242) ~[elasticsearch-5.4.0.jar:5.4.0]
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:242) ~[elasticsearch-5.4.0.jar:5.4.0]
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:360) ~[elasticsearch-5.4.0.jar:5.4.0]
at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:123) ~[elasticsearch-5.4.0.jar:5.4.0]
… 6 more
Elasticsearch log
``
I don’t know why isn’t it picking up the alias.
On Friday, September 9, 2016 at 11:49:05 PM UTC+4, ZillaYT wrote:
i’m getting this with sg-ssl-v2.3.5.15. Is there a fix? I’ve tried using the PKC512 type to no avail.
Chris
On Thursday, July 28, 2016 at 10:30:25 AM UTC-4, Breno Inojosa wrote:
Hi all,
I have set up the latest stable version of search-guard-ssl (2.3.4.14) and I generated both keystore and truststore by doing:
keytool -importcert -file /etc/elasticsearch/ca.pem -keystore /etc/elasticsearch/truststore.jks -storepass myHappyPass -noprompt -alias myHappyAlias
cat /etc/elasticsearch/chain.pem /etc/elasticsearch/server.key | keytool -importcert -keystore /etc/elasticsearch/keystore.jks -storepass myHappyPassTwo -noprompt -alias keystoreAliasHere
And running this command keytool -list -keystore keystore.jks -alias myHappyAliasHere successfully returns this**:**
myHappyAliasHere, Jun 14, 2016, trustedCertEntry,
Certificate fingerprint (SHA1): …
All my configs are under /etc/elasticsearch only.
So I guess everything is fine on my side, but when I run elasticsearch, I get this:
Exception in thread “main” ElasticsearchSecurityException[Error while initializing transport SSL layer: java.security.KeyStoreException: no key alias named myHappyAliasHere]; nested: KeyStoreException[no key alias named myHappyAliasHere];
Likely root cause: java.security.KeyStoreException: no key alias named myHappyAliasHere
at com.floragunn.searchguard.ssl.util.SSLCertificateHelper.exportDecryptedKey(SSLCertificateHelper.java:122)
at com.floragunn.searchguard.ssl.SearchGuardKeyStore.initSSLConfig(SearchGuardKeyStore.java:211)
at com.floragunn.searchguard.ssl.SearchGuardKeyStore.<init>(SearchGuardKeyStore.java:139)
at com.floragunn.searchguard.ssl.SearchGuardSSLModule.<init>(SearchGuardSSLModule.java:29)
at com.floragunn.searchguard.ssl.SearchGuardSSLPlugin.nodeModules(SearchGuardSSLPlugin.java:126)
at org.elasticsearch.plugins.PluginsService.nodeModules(PluginsService.java:263)
at org.elasticsearch.node.Node.<init>(Node.java:179)
at org.elasticsearch.node.Node.<init>(Node.java:140)
at org.elasticsearch.node.NodeBuilder.build(NodeBuilder.java:143)
at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:178)
at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:270)
at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:35)
Just making sure I'm not doing anything wrong before opening a bug on Github.
Any clues?