1

我正在设置一个 6.1.2 Windows 集群并拥有金牌许可证。这是集群中的第一台机器,所以我生成了一个带有密码的 CA 证书并将其放在 ES_HOME 配置目录中。

elasticsearch.yml 文件中的相关键:

xpack.ssl.keystore.path:弹性堆栈测试ca.p12

xpack.ssl.truststore.path:弹性堆栈测试ca.p12

xpack.security.transport.ssl.enabled:真

xpack.security.transport.ssl.verification_mode:证书

xpack.security.http.ssl.enabled:真

我已经浏览了文档,目前正在尝试完成Elasticsearch 安装的第 7 步。

不幸的是,这个命令“Elasticsearch\6.1.2\bin\x-pack\setup-passwords auto”引发了异常。

例外:

Exception in thread "main" ElasticsearchException[failed to initialize a TrustManagerFactory]; nested: IOException[keystore password was incorrect]; nested: UnrecoverableKeyException[failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded];
at org.elasticsearch.xpack.ssl.StoreTrustConfig.createTrustManager(StoreTrustConfig.java:61)
at org.elasticsearch.xpack.ssl.SSLService.createSslContext(SSLService.java:408)
at org.elasticsearch.xpack.ssl.SSLService.loadSSLConfigurations(SSLService.java:444)
at org.elasticsearch.xpack.ssl.SSLService.(SSLService.java:87)
at org.elasticsearch.xpack.security.authc.esnative.tool.CommandLineHttpClient.postURL(CommandLineHttpClient.java:91)
at org.elasticsearch.xpack.security.authc.esnative.tool.SetupPasswordTool$SetupCommand.checkElasticKeystorePasswordValid(SetupPasswordTool.java:278)
at org.elasticsearch.xpack.security.authc.esnative.tool.SetupPasswordTool$AutoSetup.execute(SetupPasswordTool.java:127)
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86)
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124)
at org.elasticsearch.cli.MultiCommand.execute(MultiCommand.java:75)
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:124)
at org.elasticsearch.cli.Command.main(Command.java:90)
at org.elasticsearch.xpack.security.authc.esnative.tool.SetupPasswordTool.main(SetupPasswordTool.java:105)
Caused by: java.io.IOException: keystore password was incorrect
at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2059)
at java.security.KeyStore.load(KeyStore.java:1445)
at org.elasticsearch.xpack.ssl.CertUtils.readKeyStore(CertUtils.java:230)
at org.elasticsearch.xpack.ssl.CertUtils.trustManager(CertUtils.java:221)
at org.elasticsearch.xpack.ssl.StoreTrustConfig.createTrustManager(StoreTrustConfig.java:59)

我在 Set Passwords 命令中看不到您传递密钥库密码的任何地方。

希望有人可以阐明我可能做错了什么,或者我的下一步。此错误阻止我安装 Kibana 和 Logstash。

谢谢你,斯蒂芬

4

1 回答 1

0

经过一番挖掘,结果发现我的 JAVA HOME 指向的是 9.x 版本,一旦我将 HOME 更改为兼容版本,在这种情况下为 8,一切都按记录运行。

于 2018-03-01T13:40:36.540 回答