Am 12.12.2017 um 16:25 schrieb email@example.com:
Cool, gotcha, okay. I upgraded to ES 5.6.4 and am using search guard-5-5.6.4-16/search guard-ssl-5.6.4-23 and I am seeing the same error.
In terms of configuration, I am using the default elasticsearch.yml and passing the following command-line configs:
searchguard.ssl.transport.alias=* (wildcard cert)
Again, since keytool does not return a keystore format error, I find this stack trace puzzling. Gonna look at the source code now to see if there is some config param I am missing. Please let me know if you see anything in my config params you think is incorrect and/or if I am missing any required params.
On Monday, December 11, 2017 at 9:00:52 AM UTC-5, Search Guard wrote:
ES 2.3.5 is end of life, so we will not support it any longer. You should upgrade to ES 5.6 because ES 2.4 will become also EOL in Feb 2018.
Can you check if you have the same issue with ES 2.4.6 and SG 14 or ES 5.6.4 and SG 16
Please also post you elasticsearch.yml and complete stacktraces/logfiles. If its only a test keystore (containing no real sensitive data) you can also mail them so we can try to reproduce the error.
On Monday, 11 December 2017 14:00:37 UTC+1, ho....k2@g...il.com wrote:
I am getting the following error with the ES 2.3.5/searchguard 188.8.131.52:
Exception in thread "main" ElasticsearchSecurityException[Error while initializing transport SSL layer: java.io.IOException: Invalid keystore format]; nested: IOException[Invalid keystore format];
Likely root cause: java.io.IOException: Invalid keystore format
However, when I inspect the keystore via keytool, I don't get the invalid keystore format error. Specifically, keytool -v -list -keystore es.keystore.jks returns the expected info, no error
Consequently, it appears the keystore is indeed valid but somewhere in the Search Guard-Java stack an error is occurring.
Any suggestions would definitely be appreciated.
You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firstname.lastname@example.org.
To post to this group, send email to email@example.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/d368bd0f-bed8-49b0-bab1-be5f16693078%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.