ERR: You try to connect with a ssl node certificate instead of an admin client certificate
This may have worked in previous versions of Search Guard but is now forbidden
For more informations look here: https://github.com/floragunncom/search-guard-docs/blob/master/sgadmin.md#configuring-the-admin-certificate
# cat /etc/elasticsearch/elasticsearch.yml
cluster.name: quicollectdevnetwork.host: localhostbootstrap.memory_lock: truenode.master: 1node.data: 1transport.tcp.port: 9300http.port: 9200discovery.zen.ping.unicast.hosts: ["192.168.*.*"]searchguard.ssl.transport.enable_openssl_if_available: falsesearchguard.ssl.transport.keystore_filepath: CN=qcmi03.inetworking.it-keystore.jkssearchguard.ssl.transport.keystore_password: password-generatedsearchguard.ssl.transport.truststore_filepath: truststore.jkssearchguard.ssl.transport.truststore_password: password-generatedsearchguard.ssl.transport.enforce_hostname_verification: falsesearchguard.ssl.transport.resolve_hostname: falsesearchguard.ssl.http.enabled: falsesearchguard.ssl.http.truststore_filepath: truststore.jkssearchguard.ssl.http.truststore_password: password-generatedsearchguard.ssl.http.keystore_filepath: CN=qcmi03.inetworking.it-keystore.jkssearchguard.ssl.http.keystore_password: password-generated
searchguard.authcz.admin_dn: - CN=sgadmin
[root@qcmidev tools]# pwd/usr/share/elasticsearch/plugins/search-guard-5/tools[root@qcmidev tools]# lltotal 576-rw-r--r-- 1 elasticsearch elasticsearch 4060 4 ott 15.59 CN=sgadmin-keystore.jks-rw-r--r-- 1 root root 214 4 ott 11.43 hash.bat-rwxr-xr-x 1 root root 373 4 ott 11.43 hash.sh-rwxr-xr-x 1 root root 18449 4 ott 11.43 install_demo_configuration.sh-rw-r--r-- 1 root root 282 4 ott 11.43 sgadmin.bat-rw-r--r-- 1 root root 542883 4 ott 16.21 sgadmin_diag_trace_2017-Oct-04_16-21-25.txt-rwxr-xr-x 1 root root 414 4 ott 11.43 sgadmin.sh-rw-r--r-- 1 elasticsearch elasticsearch 972 4 ott 15.59 truststore.jks
# pwd/usr/share/elasticsearch/plugins/search-guard-5/tools
# sgadmin.sh -ts truststore.jks -tspass ************** -ks sgadmin-keystore.jks -kspass *************** -nhnv -icl -cd ../sgconfig/