Hi,
I followed the steps as mentioned above. There are 2 issues I am observing:
**Issue 1:**
If I run localhost:9200 in the browser, it displays an error message as below,
***Search Guard not initialized (SG11). See [https://github.com/floragunncom/search-guard-docs/blob/master/sgadmin.md](https://github.com/floragunncom/search-guard-docs/blob/master/sgadmin.md)***
In elasticsearch.log, I can see the below trace,
***[2017-06-29T14:55:36,436][INFO ][c.f.s.c.IndexBaseConfigurationRepository] searchguard index does not exist yet, so no need to load config on node startup. Use sgadmin to initialize cluster***
**Issue 2:**
So issue 1 is because I have not run the sgadmin command. But when I run the sgadmin command as suggested by you in your mail, I get

```
Cannot retrieve cluster state due to: None of the configured nodes are available: [{#transport#-1}{t_vvrQHFTruDXPcUgf3i-Q}{ localhost}{127.0.0.1:9300}]. This is not an error, will keep on trying ...
* Try running sgadmin.sh with -icl and -nhnv (If thats works you need to check your clustername as well as hostnames in your SSL certificates)
* If this is not working, try running sgadmin.sh with --diagnose and see diagnose trace log file)
15:00:52.735 [elasticsearch[_client_][transport_client_boss][T#3]] ERROR com.floragunn.searchguard.ssl.transport.SearchGuardSSLNettyTransport - SSL Problem General SSLEngine problem
javax.net.ssl.SSLHandshakeException: General SSLEngine problem.
Caused by: java.security.cert.CertificateException: No subject alternative DNS name matching localhost found.
```

Then I ran the sgadmin command in diagnose mode. I am attaching the diagnose logs with the mail.
**Elasticsearch.yml file changes:**

```
searchguard.authcz.admin_dn:
  - CN=AAEINBLR02717D
searchguard.ssl.transport.keystore_filepath: D:\Softwares\ELK\elasticsearch-5.4.0\elasticsearch-5.4.0\config\CN=AAEINBLR02717D-keystore.jks
searchguard.ssl.transport.keystore_password: 36375fb609b4231e4363
searchguard.ssl.transport.truststore_filepath: D:\Softwares\ELK\elasticsearch-5.4.0\elasticsearch-5.4.0\config\truststore.jks
searchguard.ssl.transport.truststore_password: 76822cd1a1fe2a1c4b45
```

**Certificates readme file:**
<a class='attachment' href='//cdck-file-uploads-global.s3.dualstack.us-west-2.amazonaws.com/business5/uploads/search_guard/original/1X/8759ccbdd95d84c725235a583fcfa8aec250e161.txt'>sgadmin_diag_trace_2017-Jun-29_15-00-42.txt</a> (17.2 KB)
<details class='elided'>
<summary title='Show trimmed content'>···</summary>
On Tue, Jun 27, 2017 at 9:31 PM, SG <info@search-guard.com> wrote:
>
>
>
>
> > On 27.06.2017 at 10:46, vinod hy <hy.vinod88@gmail.com> wrote:
> >
> > Hi,
> >
> > Ok. I am doing a fresh installation for searchguard plugin.
> >
> > Step 1:
> >
> > In my office environment,
> > elasticsearch-plugin install -b com.floragunn:search-guard-5:5.4.0-12 command doesn't work. I get some connection errors.
> >
> > For that, I downloaded the plugin offline from the below link,
> > [http://search.maven.org/#search%7Cgav%7C1%7Cg%3A%22com.floragunn%22%20AND%20a%3A%22search-guard-5%22](http://search.maven.org/#search%7Cgav%7C1%7Cg%3A%22com.floragunn%22%20AND%20a%3A%22search-guard-5%22)
> >
> > I downloaded the zip version. Please confirm if it's the right one.
> >
> > Step 2:
> >
> > As per your advice, I got the certificates generated from the below link,
> > [https://floragunn.com/tls-certificate-generator/](https://floragunn.com/tls-certificate-generator/)
> >
> > Now, please tell me what to do next. Do you have any link which explains the steps for Windows?
> >
> > Regards,
> > Vinod H Y
>
> >
>
> >
>
> > On Tue, Jun 27, 2017 at 3:10 AM, SG <info@search-guard.com> wrote:
>
> > The .sh scripts and the demo configuration do not work on windows normally, we recommend to generate certificates here [https://floragunn.com/tls-certificate-generator/](https://floragunn.com/tls-certificate-generator/)
>
> > For sgadmin however there is a .bat file suitable for windows.
>
> >
>
> >
>
> > > On 26.06.2017 at 19:18, vinod hy <hy.vinod88@gmail.com> wrote:
> > >
> > > Hi,
> > >
> > > Thanks for the info. I am using the below link to follow the steps,
> > > [http://floragunncom.github.io/search-guard-docs/exampleELK.html](http://floragunncom.github.io/search-guard-docs/exampleELK.html)
> > >
> > > I have,
> > > 1. installed the plugin using the below command,
> > > elasticsearch-plugin install -b com.floragunn:search-guard-5:5.4.0-12
> > >
> > > 2. Ran the sh install_demo_configuration.sh
> > > This modified the elasticsearch.yml file with searchguard ssl paths
> > >
> > > 3. Now if I try to run sh sgadmin_demo.sh, I get the below error,
> > > Error: Could not find or load main class com.floragunn.searchguard.tools.SearchGuardAdmin
> > >
> > > Please let me know the issue here.
> > > And also I have generated SSL certificates which I want to use here. Not the ones that got generated. Please help me with this also.
> > >
> > > Regards,
> > > Vinod H Y
>
> > >
>
> > > On Mon, Jun 26, 2017 at 8:48 PM, SG <info@search-guard.com> wrote:
>
> > >
>
> > > > On 26.06.2017 at 12:37, vinod hy <hy.vinod88@gmail.com> wrote:
> > > >
> > > > Hi All,
> > > >
> > > > I am using ELK in my development environment and I was able to set it up properly in a Windows environment. The complete ELK flow is working fine and I am able to see output in Kibana. Now my requirement is to secure the ELK communication using SSL certificates. I have used x-pack for the same and I was able to achieve it. Since it's not free, I am exploring searchguard and I am stuck.
> > >
> > > Where are you stuck? What have you tried, what is not working? Can you send more details and log output?
> > >
> > > > First of all, please let me know if I can go ahead with searchguard. My application is an enterprise application. All the communication has to be made secure once the application goes to production environment.
> > >
> > > Search Guard should be running well on Windows.
> > >
> > > > Which one do you recommend, x-pack or searchguard? Is only cost the difference? Or is there any other difference?
> > >
> > > Depends on the features you need. For more details about SG vs. X-Pack pls. contact us via mail or the contact form on the website ([https://floragunn.com/contact/](https://floragunn.com/contact/))
> > > Pls. see also [https://floragunn.com/search-guard-elasticsearch-faq/](https://floragunn.com/search-guard-elasticsearch-faq/) and [https://floragunn.com/searchguard-license-support/](https://floragunn.com/searchguard-license-support/)
> > >
> > > > Regards,
> > > > Vinod H Y
>
> > > >
>
> > > > --
>
> > > > You received this message because you are subscribed to the Google Groups "Search Guard" group.
>
> > > > To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
>
> > > > To post to this group, send email to search-guard@googlegroups.com.
>
> > > > To view this discussion on the web visit [https://groups.google.com/d/msgid/search-guard/d7424d9a-618f-47d0-95f0-253d0f380bee%40googlegroups.com](https://groups.google.com/d/msgid/search-guard/d7424d9a-618f-47d0-95f0-253d0f380bee%40googlegroups.com).
>
> > > > For more options, visit [https://groups.google.com/d/optout](https://groups.google.com/d/optout).
>
> > >
>
>
> > >
>
> > >
>
> > >
>
> > > --
>
> > > Regards,
>
> > >
>
> > > Vinod H Y
>
> > >
>
>
> >
>
>
> >
>
> >
>
> >
>
> > --
>
> > Regards,
>
> >
>
> > Vinod H Y
>
> >
>
> Install Plugin (online):
>
> C:\temp\elasticsearch-5.4.2>bin\elasticsearch-plugin install -b com.floragunn:search-guard-5:5.4.2-12
>
> Or install plugin offline (download search-guard-5-5.4.2-12.zip):
>
> C:\temp\elasticsearch-5.4.2>bin\elasticsearch-plugin install -b file:///c:\temp\search-guard-5-5.4.2-12.zip
>
> Get certificates from floragunn TLS certificate generator and put all *.jks files into the config/ folder of elasticsearch.
>
> Edit elasticsearch.yml and add:
>
> searchguard.authcz.admin_dn:
>   - CN=sgadmin
>
> searchguard.ssl.transport.keystore_filepath: CN=test-keystore.jks
> searchguard.ssl.transport.keystore_password: 9eac388c9aaabec42528
> searchguard.ssl.transport.truststore_filepath: truststore.jks
> searchguard.ssl.transport.truststore_password: 2cef95ce1fceb3927cbe
>
> (The passwords are contained in the Readme of the certificate bundle, these here are just examples)
>
> Start elasticsearch and wait a minute until it's started.
>
> Make sure JAVA_HOME is set:
>
> C:\temp\elasticsearch-5.4.2\plugins\search-guard-5\tools>echo %JAVA_HOME%
> C:\Program Files\Java\jre1.8.0_131
>
> If not set it to something like this:
>
> C:\temp\elasticsearch-5.4.2\plugins\search-guard-5\tools>set JAVA_HOME=C:\Program Files\Java\jre1.8.0_131
>
> Execute sgadmin to initialize Search Guard:
>
> C:\temp\elasticsearch-5.4.2\plugins\search-guard-5\tools>sgadmin.bat -cd ..\sgconfig -ts C:\temp\elasticsearch-5.4.2\config\truststore.jks -tspass 2cef95ce1fceb3927cbe -ks "C:\temp\elasticsearch-5.4.2\config\CN=sgadmin-keystore.jks" -kspass 44491845dcdc0279d222 -nhnv
>
> (The passwords are contained in the Readme of the certificate bundle, these here are just examples)
>
> You're done
>
>
>
--
Regards,
Vinod H Y
</details>
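
Added example, not part of the original thread and not Search Guard's code: a simplified Python model of the hostname check behind `No subject alternative DNS name matching localhost found`, showing why a client that connects to `localhost` is rejected by a certificate issued for the machine name. The contents of `NODE_CERT` are an assumption (one DNS SAN equal to the name in the posted `admin_dn`); in the thread the real check is performed by Java's TLS stack.

```python
import ipaddress

# Constructed certificate view in the shape Python's ssl getpeercert() returns.
# Assumption: the node certificate lists only the machine name as a DNS SAN.
NODE_CERT = {
    "subject": ((("commonName", "AAEINBLR02717D"),),),
    "subjectAltName": (("DNS", "AAEINBLR02717D"),),
}

def dns_match(pattern, host):
    """Case-insensitive label match; '*' may only replace the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def verify_hostname(cert, target):
    """Return (ok, reason) for a client that connects to `target` with
    hostname verification enabled. Only SAN entries are consulted."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        ip = None  # not an IP literal, so compare against DNS SANs
    if ip is not None:
        listed = [v for kind, v in sans if kind == "IP Address"]
        if any(ipaddress.ip_address(v) == ip for v in listed):
            return True, "IP SAN match"
        return False, f"no subject alternative IP address matching {target}"
    listed = [v for kind, v in sans if kind == "DNS"]
    if any(dns_match(v, target) for v in listed):
        return True, "DNS SAN match"
    return False, f"no subject alternative DNS name matching {target}"

def usable_targets(cert, candidates):
    """Names from `candidates` that pass verification against `cert`."""
    return [c for c in candidates if verify_hostname(cert, c)[0]]

if __name__ == "__main__":
    for name in ("localhost", "127.0.0.1", "aaeinblr02717d"):
        print(name, verify_hostname(NODE_CERT, name))
```

The `-nhnv` option named in the sgadmin hint turns this comparison off, which is why the hint says to check the hostnames in the certificates if that option makes the connection work.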