Am 12.12.2017 um 16:25 schrieb hokiegeek2@gmail.com:
Cool, gotcha, okay. I upgraded to ES 5.6.4 and am using search guard-5-5.6.4-16/search guard-ssl-5.6.4-23 and I am seeing the same error.
In terms of configuration, I am using the default elasticsearch.yml and passing the following command-line configs:
searchguard.ssl.transport.enabled=true
searchguard.ssl.transport.keystore_filepath=*******
searchguard.ssl.transport.keystore_password=*******
searchguard.ssl.transport.truststore_filepath=*******
searchguard.ssl.transport.truststore_password=*******
searchguard.ssl.transport.alias=* (wildcard cert)
searchguard.ssl.transport.enforce_hostname_verification=false
searchguard.ssl.transport.resolve_hostname=false
searchguard.ssl.http.enabled=true
searchguard.ssl.http.keystore_filepath=*******
searchguard.ssl.http.keystore_password=*******
searchguard.ssl.http.truststore_filepath=*******
searchguard.ssl.http.truststore_password=*******
Again, since keytool does not return a keystore format error, I find this stack trace puzzling. Gonna look at the source code now to see if there is some config param I am missing. Please let me know if you see anything in my config params you think is incorrect and/or if I am missing any required params.
Thanks
--John
On Monday, December 11, 2017 at 9:00:52 AM UTC-5, Search Guard wrote:
ES 2.3.5 is end of life, so we will not support it any longer. You should upgrade to ES 5.6 because ES 2.4 will become also EOL in Feb 2018.
See https://github.com/floragunncom/search-guard-docs/blob/master/eol.md
Can you check if you have the same issue with ES 2.4.6 and SG 14 or ES 5.6.4 and SG 16
Please also post you elasticsearch.yml and complete stacktraces/logfiles. If its only a test keystore (containing no real sensitive data) you can also mail them so we can try to reproduce the error.
On Monday, 11 December 2017 14:00:37 UTC+1, ho....k2@g...il.com wrote:
Hi Everyone,
I am getting the following error with the ES 2.3.5/searchguard 2.3.5.11:
Exception in thread "main" ElasticsearchSecurityException[Error while initializing transport SSL layer: java.io.IOException: Invalid keystore format]; nested: IOException[Invalid keystore format];
Likely root cause: java.io.IOException: Invalid keystore format
However, when I inspect the keystore via keytool, I don't get the invalid keystore format error. Specifically, keytool -v -list -keystore es.keystore.jks returns the expected info, no error
Consequently, it appears the keystore is indeed valid but somewhere in the Search Guard-Java stack an error is occurring.
Any suggestions would definitely be appreciated.
Thanks
--John
--
You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/d368bd0f-bed8-49b0-bab1-be5f16693078%40googlegroups.com\.
For more options, visit https://groups.google.com/d/optout\.