search-guard-ssl not SSLing

I’m trying to setup search-guard-ssl (2.4.1.7) on elasticsearch 2.4.1.

I’m having trouble here:

https://github.com/floragunncom/search-guard-ssl-docs/blob/master/quickstart.md#testing-the-installation

curl -s --noproxy 127.0.0.1 http://127.0.0.1:9200/_searchguard/sslinfo?pretty"
{
“principal” : null,
“peer_certificates” : “0”,
“ssl_protocol” : null,
“ssl_cipher” : null,
“ssl_openssl_available” : false,
“ssl_openssl_version” : -1,
“ssl_openssl_version_string” : null,
“ssl_openssl_non_available_cause” : “java.lang.ClassNotFoundException: org.apache.tomcat.jni.SSL”,
“ssl_provider_http” : null,
“ssl_provider_transport_server” : “JDK”,
“ssl_provider_transport_client” : “JDK”
}

``

Earlier in the docs it says to ignore the tomcat warning, yet from this status output it seems that’s exactly what’s keeping this from working. Any tips?

Followed instructions here to meet prerequisites.

https://github.com/floragunncom/search-guard-ssl-docs/blob/master/openssl.md

I suggest to get it first working without openssl (in this case we use JDK built-in SSL).

Make sure you have set

searchguard.ssl.http.enabled: true

searchguard.ssl.http.keystore_filepath: keystore_file.jks

searchguard.ssl.http.truststore_filepath: truststore_file.jks

and then execute something like this:

curl -k -s --noproxy 127.0.0.1 https://127.0.0.1:9200/_searchguard/sslinfo?pretty"

If this is working we can get back to see why openssl might not be working.

First question here is whats your operating system?

Hope this helps

···

On Saturday, 17 December 2016 04:04:49 UTC+1, pixelrebel wrote:

Followed instructions here to meet prerequisites.

https://github.com/floragunncom/search-guard-ssl-docs/blob/master/openssl.md