Elasticsearch 7.1.1: Configuring Passwords and SSL Certificates
- 2025-08-28 10:15:01

Generate the SSL certificate

    ./elasticsearch-certutil ca -out config/certs/elastic-certificates.p12 -pass

I did not set a password on the SSL certificate here. If you do set one, it also has to be configured in Elasticsearch.

If a password was set on the elastic-certificates.p12 file in the previous step, it must be added to the Elasticsearch keystore. At the prompt, enter the password that was set in the key-generation step:

    bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password
    bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password

Configure authentication (elasticsearch.yml)

In the config directory, edit the elasticsearch.yml file and add the following settings:

    # X-Pack configuration
    http.cors.enabled: true
    http.cors.allow-origin: "*"
    http.cors.allow-headers: Authorization
    xpack.security.enabled: true
    xpack.security.transport.ssl.enabled: true
    # Certificate configuration
    xpack.security.transport.ssl.verification_mode: certificate
    xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
    xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12

Restart the Elasticsearch service.

Set passwords

    bin/elasticsearch-setup-passwords interactive

Enter the password twice for each Elasticsearch user.
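Verify the login

Open http://127.0.0.1:9200 directly in a browser. A prompt asking for a username and password appears, and the Elasticsearch information is shown only after you enter elastic and its password.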
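What if you forget the password? How do you reset it?

1. Edit elasticsearch.yml and comment out the authentication-related settings.
2. Restart ES and list the indices. There is now an additional .security-7 index; delete it.
3. ES is now back to the state it was in before passwords were set. To set passwords again, start from the first step.

Related problems

X-Pack key configuration problem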
    [2021-11-18T09:14:10,976][WARN ][o.e.b.ElasticsearchUncaughtExceptionHandler] [es02] uncaught exception in thread [main]
    org.elasticsearch.bootstrap.StartupException: java.lang.IllegalStateException: failed to load plugin class [org.elasticsearch.xpack.core.XPackPlugin]
        at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:163) ~[elasticsearch-7.4.2.jar:7.4.2]
        at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:150) ~[elasticsearch-7.4.2.jar:7.4.2]
        at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) ~[elasticsearch-7.4.2.jar:7.4.2]
        at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:125) ~[elasticsearch-cli-7.4.2.jar:7.4.2]
        at org.elasticsearch.cli.Command.main(Command.java:90) ~[elasticsearch-cli-7.4.2.jar:7.4.2]
        at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:115) ~[elasticsearch-7.4.2.jar:7.4.2]
        at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92) ~[elasticsearch-7.4.2.jar:7.4.2]
    Caused by: java.io.IOException: keystore password was incorrect
        at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2118) ~[?:?]
        at sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:222) ~[?:?]
        at java.security.KeyStore.load(KeyStore.java:1472) ~[?:?]
        at org.elasticsearch.xpack.core.ssl.TrustConfig.getStore(TrustConfig.java:97) ~[?:?]
        at org.elasticsearch.xpack.core.ssl.StoreTrustConfig.createTrustManager(StoreTrustConfig.java:65) ~[?:?]
        at org.elasticsearch.xpack.core.ssl.SSLService.createSslContext(SSLService.java:384) ~[?:?]
        at java.util.HashMap.computeIfAbsent(HashMap.java:1138) ~[?:?]
        ... 6 more
    Caused by: java.security.UnrecoverableKeyException: failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
        at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:2118) ~[?:?]
        at sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:222) ~[?:?]
        at java.security.KeyStore.load(KeyStore.java:1472) ~[?:?]
        ... 6 more

Solution:
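1: The elastic-certificates.p12 file may not be owned by the es account.

    # Run the following to give ownership of the whole directory to the es account
    chown -R es:es /usr/local/huaxing/elasticsearch-7.4.2-8200
    chmod 777 elastic-certificates.p12

2: If the steps above do not solve the problem, a password was probably set when the key was generated, and the following commands need to be run. The password to enter at the prompt is the one set when the key was generated.

    ./bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password
    ./bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password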
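The ownership problem in step 1 can be confirmed, and fixed, without `chmod 777`, which lets every local user read the private key stored in elastic-certificates.p12. The script below is an added example, not part of the original post: it checks that the file is owned by the service account and closed to other users. The function names are illustrative, and the file path and account are supplied by the caller.

```shell
#!/bin/sh
# Added example: audit the PKCS#12 file before starting the node.
# Usage (path and account are assumptions, adjust to your install):
#   audit_p12 config/certs/elastic-certificates.p12 es

# Print the numeric UID that owns FILE.
p12_owner_uid() {
    ls -ldn "$1" | awk '{print $3}'
}

# Succeed if any permission bit (read, write or execute) is set for "other" users.
p12_open_to_others() {
    [ -n "$(find "$1" -prune \( -perm -004 -o -perm -002 -o -perm -001 \))" ]
}

# audit_p12 FILE USER_OR_UID
# Returns 0 when FILE is owned by the service account and closed to other users,
# 1 when a finding was printed, 2 when FILE or the account does not exist.
audit_p12() {
    file=$1 account=$2 status=0
    [ -f "$file" ] || { echo "missing: $file"; return 2; }
    case $account in
        *[!0-9]*) want_uid=$(id -u "$account" 2>/dev/null) ||
                      { echo "unknown account: $account"; return 2; } ;;
        *)        want_uid=$account ;;
    esac
    have_uid=$(p12_owner_uid "$file")
    if [ "$have_uid" != "$want_uid" ]; then
        echo "owner: uid $have_uid, expected $want_uid (fix: chown $account $file)"
        status=1
    fi
    if p12_open_to_others "$file"; then
        echo "mode: other users can access the private key (fix: chmod 600 $file)"
        status=1
    fi
    return $status
}
```

A return value of 0 means the account that runs Elasticsearch can read the file and no other local user can.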