0

I am using Open Distro for Elasticsearch rpm. I have setup my LDAP server in config.yml. However when I start my elasticsearch cluster, it gives me this error "Empty file path for opendistro_security.ssl.transport.truststore_ filepath". I am using demo certificates which are given by open distro. Can someone please tell me how can I generate keystore and truststore for demo certificates in Opendistro for elasticsearch?

I tried using demo certificates, but it is not working.

The error I am getting is Empty file path for opendistro_security.ssl.transport.truststore_filepath

hmty
  • 1
  • 1
  • Everything should be explained here: https://opendistro.github.io/for-elasticsearch-docs/docs/security-configuration/generate-certificates/ Try it out and let us know if that still doesn't work – Val Jun 27 '19 at 06:12
  • @Val Thank you for your response. I followed the steps to generate all these certificates. I am also following the demo blog from [link](https://aws.amazon.com/blogs/opensource/add-ssl-certificates-open-distro-for-elasticsearch/ ) Where it says in kibana.yml file add lines ` server.ssl.enabled: true server.ssl.key: server.ssl.certificate: ` Thank you! I don't understand which certificate path to put? Do I need to put **esnode-key.pem** and **esnode.pem** ? Please correct me if I am wrong. – hmty Jun 27 '19 at 13:52
  • As [explained here](https://www.elastic.co/guide/en/kibana/current/configuring-tls.html), you need to generate another certificate for Kibana, which is used to encrypt the communication between the browser and the Kibana server. – Val Jun 27 '19 at 13:54
  • @Val thank you. I will try out that solution. – hmty Jun 27 '19 at 14:13
  • @Val I generated all the certificates required and tried to run the securityadmin.sh script, with all the cert paths I am getting this error when I run that script: `Cannot retrieve cluster state due to: No user found for cluster:monitor/health. This is not an error, will keep on trying ... Root cause: ElasticsearchSecurityException[No user found for cluster:monitor/health] (org.elasticsearch.ElasticsearchSecurityException/org.elasticsearch.ElasticsearchSecurityException)` – hmty Jun 27 '19 at 14:54
  • @Val here is the content of my elasticsearch file `opendistro_security.ssl.transport.pemcert_filepath: /etc/elasticsearch/config/node.pem opendistro_security.ssl.transport.pemkey_filepath: /etc/elasticsearch/config/node-key.pem opendistro_security.ssl.transport.pemtrustedcas_filepath: /etc/elasticsearch/config/root-ca.pem opendistro_security.ssl.http.enabled: true opendistro_security.ssl.http.pemcert_filepath: /etc/elasticsearch/config/node.pem opendistro_security.ssl.http.pemkey_filepath: /etc/elasticsearch/config/node-key.pem ` – hmty Jun 27 '19 at 15:03
  • @Val I got SSL working but I still dont know what to put for ` opendistro_security.ssl.transport.truststore_filepath` should it be admin, root or node? – hmty Jun 27 '19 at 18:51

0 Answers0