TSLtool doesn't create nodes sertificate

Search Guard
1

When asking questions, please provide the following information:

  • Search Guard and Elasticsearch version 6.2.2

  • JVM version and operating system version build 1.8.0_161-b12

  • Search Guard configuration files

I has root-ca.pem and .key in ./out folder.

When I write ./sgtlstool.sh -c …/config/test.yml -crt:

Exception in thread “main” java.lang.NullPointerException
at com.floragunn.searchguard.tools.tlstool.tasks.LoadCa.(LoadCa.java:51)
at com.floragunn.searchguard.tools.tlstool.SearchGuardTlsTool.run(SearchGuardTlsTool.java:184)
at com.floragunn.searchguard.tools.tlstool.SearchGuardTlsTool.main(SearchGuardTlsTool.java:65)

and node certs not created.

test.yml:

···

ca:
root:

dn: CN=Taxnet Root CA,OU=Taxnet Root CA,O=Taxnet Root CA

keysize: 2048

validityDays: 3650

  pkPassword: GO0FNhUQGURr
  file: root-ca.pem

defaults:
validityDays: 3650
pkPassword: auto
generatedPasswordLength: 12
httpsEnabled: true
reuseTransportCertificatesForHttp: true
nodes:

- name: logstash.taxnet.ru

dn: CN=logstash.taxnet.ru

dns: logstash.taxnet.ru

- name: elastic1

dn: CN=elastic1

dns: elastic1

- name: elastic2

dn: CN=elastic2

dns: elastic2

- name: elastic3

dn: CN=elastic3

dns: elastic3

- name: elastic4

dn: CN=elastic4

dns: elastic4

  • name: elastic-netflow
    dn: CN=elastic-netflow
    dns: elastic-netflow
    #clients:

- name: sgadmin

dn: CN=sgadmin

admin: true

- name: user

dn: CN=user

- name: logstash

dn: CN=logstash

admin: true

2

That might be an issue with the 1.1 release of the tool. Can I ask you to try again with v1.2. (just released):

https://search.maven.org/remotecontent?filepath=com/floragunn/search-guard-tlstool/1.2/search-guard-tlstool-1.2.zip

···

On Tuesday, April 24, 2018 at 5:50:17 AM UTC-7, Sergey Murashov wrote:

When asking questions, please provide the following information:

  • Search Guard and Elasticsearch version 6.2.2
  • JVM version and operating system version build 1.8.0_161-b12
  • Search Guard configuration files

I has root-ca.pem and .key in ./out folder.

When I write ./sgtlstool.sh -c …/config/test.yml -crt:

Exception in thread “main” java.lang.NullPointerException
at com.floragunn.searchguard.tools.tlstool.tasks.LoadCa.(LoadCa.java:51)
at com.floragunn.searchguard.tools.tlstool.SearchGuardTlsTool.run(SearchGuardTlsTool.java:184)
at com.floragunn.searchguard.tools.tlstool.SearchGuardTlsTool.main(SearchGuardTlsTool.java:65)

and node certs not created.

test.yml:

ca:
root:

dn: CN=Taxnet Root CA,OU=Taxnet Root CA,O=Taxnet Root CA

keysize: 2048

validityDays: 3650

  pkPassword: GO0FNhUQGURr
  file: root-ca.pem

defaults:
validityDays: 3650
pkPassword: auto
generatedPasswordLength: 12
httpsEnabled: true
reuseTransportCertificatesForHttp: true
nodes:

- name: logstash.taxnet.ru

dn: CN=logstash.taxnet.ru

dns: logstash.taxnet.ru

- name: elastic1

dn: CN=elastic1

dns: elastic1

- name: elastic2

dn: CN=elastic2

dns: elastic2

- name: elastic3

dn: CN=elastic3

dns: elastic3

- name: elastic4

dn: CN=elastic4

dns: elastic4

  • name: elastic-netflow
    dn: CN=elastic-netflow
    dns: elastic-netflow
    #clients:

- name: sgadmin

dn: CN=sgadmin

admin: true

- name: user

dn: CN=user

- name: logstash

dn: CN=logstash

admin: true

3

Thank you. It's work!!)

4

Thank you. It’s work!!)

You received this message because you are subscribed to the Google Groups “Search Guard Community Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.

To post to this group, send email to search-guard@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/a04e56e5-5d9a-473e-9f18-efc3ff2166e0%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

···

On Wed, Apr 25, 2018, 13:51 Sergey Murashov sergey.murashow@gmail.com wrote: