sgadmin.sh error

Am 04.08.2016 um 11:48 schrieb SAI KRISHNA GHANTA <ghanta.saikrishna@gmail.com>:

[root@elkman ~]$ /usr/share/elasticsearch/plugins/search-guard-2/tools/sgadmin.sh -h 192.168.0.1 -p 9300 -ks /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/kirk-keystore.jks -ts /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/truststore.jks -kspass changeit -tspass changeit -cd /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/ -cn es_cluster -sniff -us 0
Connect to 192.168.0.1:9300
[09:36:21,060][ERROR] org.elasticsearch.com.floragunn.searchguard.ssl.transport.SearchGuardSSLNettyTransport - [Karen Page] SSL Problem General OpenSslEngine problem
javax.net.ssl.SSLHandshakeException: General OpenSslEngine problem
        at io.netty.handler.ssl.OpenSslContext$AbstractCertificateVerifier.verify(OpenSslContext.java:465)
        at org.apache.tomcat.jni.SSL.readFromSSL(Native Method)
        at io.netty.handler.ssl.OpenSslEngine.readPlaintextData(OpenSslEngine.java:377)
        at io.netty.handler.ssl.OpenSslEngine.unwrap(OpenSslEngine.java:725)
        at io.netty.handler.ssl.OpenSslEngine.unwrap(OpenSslEngine.java:831)
        at io.netty.handler.ssl.OpenSslEngine.unwrap(OpenSslEngine.java:874)
        at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1218)
        at org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:852)
        at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:425)
        at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:303)
        at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)
        at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
        at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:559)
        at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268)
        at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255)
        at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88)
        at org.jboss.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:108)
        at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:337)
        at org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:89)
        at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178)
        at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108)
        at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at java.lang.Thread.run(Thread.java:745)
Caused by: java.security.cert.CertificateException: No subject alternative DNS name matching ip-192.168.0.1 found.
        at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:204)
        at sun.security.util.HostnameChecker.match(HostnameChecker.java:95)
        at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455)
        at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:436)
        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:252)
        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136)
        at io.netty.handler.ssl.OpenSslClientContext$1.verify(OpenSslClientContext.java:256)
        at io.netty.handler.ssl.OpenSslContext$AbstractCertificateVerifier.verify(OpenSslContext.java:461)
        ... 24 more
ERR: Cannot connect to elasticsearch. Please refer to elasticsearch logfile for more information
Trace:
NoNodeAvailableException[None of the configured nodes are available: [{#transport#-1}{192.168.0.1}{localhost/192.168.0.1:9300}]]
        at org.elasticsearch.client.transport.TransportClientNodesService.ensureNodesAreAvailable(TransportClientNodesService.java:290)
        at org.elasticsearch.client.transport.TransportClientNodesService.execute(TransportClientNodesService.java:207)
        at org.elasticsearch.client.transport.support.TransportProxyClient.execute(TransportProxyClient.java:55)
        at org.elasticsearch.client.transport.TransportClient.doExecute(TransportClient.java:288)
        at org.elasticsearch.client.support.AbstractClient.execute(AbstractClient.java:359)
        at org.elasticsearch.client.support.AbstractClient.execute(AbstractClient.java:348)
        at com.floragunn.searchguard.tools.SearchGuardAdmin.main0(SearchGuardAdmin.java:250)
        at com.floragunn.searchguard.tools.SearchGuardAdmin.main(SearchGuardAdmin.java:72)

[root@elkman ~]$ netstat -anp | grep LISTEN | grep java
tcp6 0 0 192.168.0.1:9200 :::* LISTEN 8364/java
tcp6 0 0 192.168.0.1:9201 :::* LISTEN 8276/java
tcp6 0 0 192.168.0.1:9202 :::* LISTEN 8455/java
tcp6 0 0 192.168.0.1:9300 :::* LISTEN 8276/java
tcp6 0 0 192.168.0.1:9301 :::* LISTEN 8364/java
tcp6 0 0 192.168.0.1:9302 :::* LISTEN 8455/java

PIDs:
8276: ES-Master Node
8364: ES-Data Node
8455: ES-SLB Node

Please help me.

--
You received this message because you are subscribed to the Google Groups "Search Guard" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/2835146f-0606-41a1-a5ee-57bbe0971989%40googlegroups.com\.
For more options, visit https://groups.google.com/d/optout\.

On Thursday, 4 August 2016 22:22:03 UTC+2, SG wrote:

Add -nhnv to sgadmin.sh command line and make sure in elasticsearch.yml you configure

searchguard.ssl.transport.enforce_hostname_verification: false

Am 04.08.2016 um 11:48 schrieb SAI KRISHNA GHANTA ghanta.s...@gmail.com:

[root@elkman ~]$ /usr/share/elasticsearch/plugins/search-guard-2/tools/sgadmin.sh -h 192.168.0.1 -p 9300 -ks /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/kirk-keystore.jks -ts /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/truststore.jks -kspass changeit -tspass changeit -cd /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/ -cn es_cluster -sniff -us 0

Connect to 192.168.0.1:9300

[09:36:21,060][ERROR] org.elasticsearch.com.floragunn.searchguard.ssl.transport.SearchGuardSSLNettyTransport - [Karen Page] SSL Problem General OpenSslEngine problem

javax.net.ssl.SSLHandshakeException: General OpenSslEngine problem

    at io.netty.handler.ssl.OpenSslContext$AbstractCertificateVerifier.verify(OpenSslContext.java:465)

    at org.apache.tomcat.jni.SSL.readFromSSL(Native Method)

    at io.netty.handler.ssl.OpenSslEngine.readPlaintextData(OpenSslEngine.java:377)

    at io.netty.handler.ssl.OpenSslEngine.unwrap(OpenSslEngine.java:725)

    at io.netty.handler.ssl.OpenSslEngine.unwrap(OpenSslEngine.java:831)

    at io.netty.handler.ssl.OpenSslEngine.unwrap(OpenSslEngine.java:874)

    at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1218)

    at org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:852)

    at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:425)

    at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:303)

    at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)

    at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)

    at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:559)

    at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268)

    at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255)

    at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88)

    at org.jboss.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:108)

    at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:337)

    at org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:89)

    at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178)

    at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108)

    at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42)

    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)

    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)

    at java.lang.Thread.run(Thread.java:745)

Caused by: java.security.cert.CertificateException: No subject alternative DNS name matching ip-192.168.0.1 found.

    at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:204)

    at sun.security.util.HostnameChecker.match(HostnameChecker.java:95)

    at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455)

    at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:436)

    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:252)

    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136)

    at io.netty.handler.ssl.OpenSslClientContext$1.verify(OpenSslClientContext.java:256)

    at io.netty.handler.ssl.OpenSslContext$AbstractCertificateVerifier.verify(OpenSslContext.java:461)

    ... 24 more

ERR: Cannot connect to elasticsearch. Please refer to elasticsearch logfile for more information

Trace:

NoNodeAvailableException[None of the configured nodes are available: [{#transport#-1}{192.168.0.1}{localhost/192.168.0.1:9300}]]

    at org.elasticsearch.client.transport.TransportClientNodesService.ensureNodesAreAvailable(TransportClientNodesService.java:290)

    at org.elasticsearch.client.transport.TransportClientNodesService.execute(TransportClientNodesService.java:207)

    at org.elasticsearch.client.transport.support.TransportProxyClient.execute(TransportProxyClient.java:55)

    at org.elasticsearch.client.transport.TransportClient.doExecute(TransportClient.java:288)

    at org.elasticsearch.client.support.AbstractClient.execute(AbstractClient.java:359)

    at org.elasticsearch.client.support.AbstractClient.execute(AbstractClient.java:348)

    at com.floragunn.searchguard.tools.SearchGuardAdmin.main0(SearchGuardAdmin.java:250)

    at com.floragunn.searchguard.tools.SearchGuardAdmin.main(SearchGuardAdmin.java:72)

[root@elkman ~]$ netstat -anp | grep LISTEN | grep java

tcp6 0 0 192.168.0.1:9200 :::* LISTEN 8364/java

tcp6 0 0 192.168.0.1:9201 :::* LISTEN 8276/java

tcp6 0 0 192.168.0.1:9202 :::* LISTEN 8455/java

tcp6 0 0 192.168.0.1:9300 :::* LISTEN 8276/java

tcp6 0 0 192.168.0.1:9301 :::* LISTEN 8364/java

tcp6 0 0 192.168.0.1:9302 :::* LISTEN 8455/java

PIDs:

8276: ES-Master Node

8364: ES-Data Node

8455: ES-SLB Node

Please help me.

–
You received this message because you are subscribed to the Google Groups “Search Guard” group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.

To post to this group, send email to search...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/2835146f-0606-41a1-a5ee-57bbe0971989%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

Am 04.08.2016 um 22:28 schrieb SAI KRISHNA GHANTA <ghanta.saikrishna@gmail.com>:

On Thursday, 4 August 2016 22:22:03 UTC+2, SG wrote:
Add -nhnv to sgadmin.sh command line and make sure in elasticsearch.yml you configure

searchguard.ssl.transport.enforce_hostname_verification: false

> Am 04.08.2016 um 11:48 schrieb SAI KRISHNA GHANTA <ghanta.s...@gmail.com>:
>
> [root@elkman ~]$ /usr/share/elasticsearch/plugins/search-guard-2/tools/sgadmin.sh -h 192.168.0.1 -p 9300 -ks /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/kirk-keystore.jks -ts /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/truststore.jks -kspass changeit -tspass changeit -cd /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/ -cn es_cluster -sniff -us 0
> Connect to 192.168.0.1:9300
> [09:36:21,060][ERROR] org.elasticsearch.com.floragunn.searchguard.ssl.transport.SearchGuardSSLNettyTransport - [Karen Page] SSL Problem General OpenSslEngine problem
> javax.net.ssl.SSLHandshakeException: General OpenSslEngine problem
> at io.netty.handler.ssl.OpenSslContext$AbstractCertificateVerifier.verify(OpenSslContext.java:465)
> at org.apache.tomcat.jni.SSL.readFromSSL(Native Method)
> at io.netty.handler.ssl.OpenSslEngine.readPlaintextData(OpenSslEngine.java:377)
> at io.netty.handler.ssl.OpenSslEngine.unwrap(OpenSslEngine.java:725)
> at io.netty.handler.ssl.OpenSslEngine.unwrap(OpenSslEngine.java:831)
> at io.netty.handler.ssl.OpenSslEngine.unwrap(OpenSslEngine.java:874)
> at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1218)
> at org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:852)
> at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:425)
> at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:303)
> at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)
> at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
> at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:559)
> at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268)
> at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255)
> at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88)
> at org.jboss.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:108)
> at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:337)
> at org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:89)
> at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178)
> at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108)
> at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42)
> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
> at java.lang.Thread.run(Thread.java:745)
> Caused by: java.security.cert.CertificateException: No subject alternative DNS name matching ip-192.168.0.1 found.
> at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:204)
> at sun.security.util.HostnameChecker.match(HostnameChecker.java:95)
> at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455)
> at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:436)
> at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:252)
> at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136)
> at io.netty.handler.ssl.OpenSslClientContext$1.verify(OpenSslClientContext.java:256)
> at io.netty.handler.ssl.OpenSslContext$AbstractCertificateVerifier.verify(OpenSslContext.java:461)
> ... 24 more
> ERR: Cannot connect to elasticsearch. Please refer to elasticsearch logfile for more information
> Trace:
> NoNodeAvailableException[None of the configured nodes are available: [{#transport#-1}{192.168.0.1}{localhost/192.168.0.1:9300}]]
> at org.elasticsearch.client.transport.TransportClientNodesService.ensureNodesAreAvailable(TransportClientNodesService.java:290)
> at org.elasticsearch.client.transport.TransportClientNodesService.execute(TransportClientNodesService.java:207)
> at org.elasticsearch.client.transport.support.TransportProxyClient.execute(TransportProxyClient.java:55)
> at org.elasticsearch.client.transport.TransportClient.doExecute(TransportClient.java:288)
> at org.elasticsearch.client.support.AbstractClient.execute(AbstractClient.java:359)
> at org.elasticsearch.client.support.AbstractClient.execute(AbstractClient.java:348)
> at com.floragunn.searchguard.tools.SearchGuardAdmin.main0(SearchGuardAdmin.java:250)
> at com.floragunn.searchguard.tools.SearchGuardAdmin.main(SearchGuardAdmin.java:72)
>
> [root@elkman ~]$ netstat -anp | grep LISTEN | grep java
> tcp6 0 0 192.168.0.1:9200 :::* LISTEN 8364/java
> tcp6 0 0 192.168.0.1:9201 :::* LISTEN 8276/java
> tcp6 0 0 192.168.0.1:9202 :::* LISTEN 8455/java
> tcp6 0 0 192.168.0.1:9300 :::* LISTEN 8276/java
> tcp6 0 0 192.168.0.1:9301 :::* LISTEN 8364/java
> tcp6 0 0 192.168.0.1:9302 :::* LISTEN 8455/java
>
> PIDs:
> 8276: ES-Master Node
> 8364: ES-Data Node
> 8455: ES-SLB Node
>
>
> Please help me.
>
> --
> You received this message because you are subscribed to the Google Groups "Search Guard" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/2835146f-0606-41a1-a5ee-57bbe0971989%40googlegroups.com\.
> For more options, visit https://groups.google.com/d/optout\.

--
You received this message because you are subscribed to the Google Groups "Search Guard" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/8602abb1-60a3-4dbc-8929-399365b0ce29%40googlegroups.com\.
For more options, visit https://groups.google.com/d/optout\.