specifying storetype with sgadmin.sh


Max Furman

Jun 28, 2016, 5:17:26 PM
to Search Guard

When I run sgadmin I get the following output:

/usr/share/elasticsearch/plugins/search-guard-2/tools/sgadmin.sh -cd /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/ -ks elasticsearch-client-keystore.jks -ts staging-elasticsearch-client-truststore.jks  -nhnv
Connect to localhost:9300
Exception in thread "main" ElasticsearchSecurityException[java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.]; nested: IOException[DerInputStream.getLength(): lengthTag=109, too big.];
at com.floragunn.searchguard.ssl.SearchGuardKeyStore.initSSLConfig(SearchGuardKeyStore.java:261)
at com.floragunn.searchguard.ssl.SearchGuardKeyStore.<init>(SearchGuardKeyStore.java:139)
at com.floragunn.searchguard.ssl.SearchGuardSSLModule.<init>(SearchGuardSSLModule.java:29)
at com.floragunn.searchguard.ssl.SearchGuardSSLPlugin.nodeModules(SearchGuardSSLPlugin.java:129)
at org.elasticsearch.plugins.PluginsService.nodeModules(PluginsService.java:263)
at org.elasticsearch.client.transport.TransportClient$Builder.build(TransportClient.java:139)
at com.floragunn.searchguard.tools.SearchGuardAdmin.main(SearchGuardAdmin.java:198)
Caused by: java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
at sun.security.util.DerInputStream.getLength(DerInputStream.java:561)
at sun.security.util.DerValue.init(DerValue.java:365)
at sun.security.util.DerValue.<init>(DerValue.java:320)
at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1914)
at java.security.KeyStore.load(KeyStore.java:1445)
at com.floragunn.searchguard.ssl.SearchGuardKeyStore.initSSLConfig(SearchGuardKeyStore.java:208)
... 6 more


The keystore and truststore are of type JKS, but it seems that they are possibly being treated as PKCS12 by Elasticsearch. Is there a way to set the storetype in the sgadmin.sh command?

Max Furman

Jun 28, 2016, 5:40:05 PM
to Search Guard
So, it seems the file names need to end with '.jks' in order to be parsed as JKS type instead of PKCS12.

SG

Jun 29, 2016, 2:51:44 AM
to search...@googlegroups.com
Yes, you are right. The keystore type is detected by looking at the file extension.
If this is an issue for you, please open a new GitHub issue and we will fix that.
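A pre-flight check for the mismatch discussed in this thread, as an added example that is not Search Guard's own code: it reads a store's leading bytes to determine its real format and compares that with the type the file name implies. The function names are hypothetical, and the extension rule (names ending in `.jks` are JKS, everything else PKCS12) is assumed from the thread. A JKS file begins with `FE ED FE ED`; a DER parser takes the second byte, `0xED`, as a long-form length of `0xED & 0x7F = 109` bytes, which is the `lengthTag=109, too big` error in the stack trace.

```shell
#!/bin/sh
# Added example: identify a Java keystore's format from its leading bytes,
# then compare it with the type implied by the file extension.

# Print the store type indicated by the first four bytes of file $1.
sniff_store_type() {
    magic=$(od -An -tx1 -N4 "$1" | tr -d ' \t\n')
    case "$magic" in
        feedfeed) echo JKS ;;      # JKS magic number 0xFEEDFEED
        cececece) echo JCEKS ;;    # JCEKS magic number 0xCECECECE
        30*)      echo PKCS12 ;;   # DER SEQUENCE tag opens a PKCS#12 PFX
        *)        echo UNKNOWN ;;
    esac
}

# Type an extension-based loader would assume. Assumption taken from the
# thread: names ending in .jks are JKS, anything else is read as PKCS12.
ext_store_type() {
    case "$1" in
        *.jks) echo JKS ;;
        *)     echo PKCS12 ;;
    esac
}

# Return 0 when content and extension agree; otherwise report and return 1.
check_store() {
    actual=$(sniff_store_type "$1")
    assumed=$(ext_store_type "$1")
    if [ "$actual" = "$assumed" ]; then
        echo "OK: $1 is $actual"
    else
        echo "MISMATCH: $1 contains $actual but would be loaded as $assumed" >&2
        return 1
    fi
}

# Check every file named on the command line (no-op without arguments).
for f in "$@"; do
    check_store "$f"
done
```

Run it against the files you intend to pass to `-ks` and `-ts` before calling sgadmin.sh.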