I installed on ElasticSearch 2.3.1 the last version of Search Guard: search-guard-2(
Apr 21 14:56:48 usve77073 elasticsearch: log4j:WARN No appenders could be found for logger (common).
Apr 21 14:56:48 usve77073 elasticsearch: log4j:WARN Please initialize the log4j system properly.
for more info.
Apr
21 14:56:49 usve77073 elasticsearch: [2016-04-21 14:56:49,228][WARN
][bootstrap ] unable to install syscall filter: seccomp
unavailable: CONFIG_SECCOMP not compiled into kernel, CONFIG_SECCOMP and
CONFIG_SECCOMP_FILTER are needed
Apr 21 14:56:49 usve77073
elasticsearch: [2016-04-21 14:56:49,384][INFO ][node
] [Deathurge] version[2.3.1], pid[12243], build[bd98092/2016-04-04T12:
25:05Z]
Apr
21 14:56:49 usve77073 elasticsearch: [2016-04-21 14:56:49,384][INFO
][node ] [Deathurge] initializing ...
Apr 21 14:56:50 usve77073 elasticsearch: ************************************************
Apr 21 14:56:50 usve77073 elasticsearch: This is alpha software, do not use in production
Apr 21 14:56:50 usve77073 elasticsearch: ************************************************
Apr
21 14:56:50 usve77073 elasticsearch: [2016-04-21 14:56:50,026][INFO
][plugins ] [Deathurge] modules [reindex,
lang-expression, lang-groovy], plugins [search-guard-ssl,
search-guard-2], sites []
Apr 21 14:56:50 usve77073 elasticsearch:
[2016-04-21 14:56:50,053][INFO ][env ] [Deathurge]
using [1] data paths, mounts [[/ (/dev/vzfs)]], net usable_space
[375.3gb], net total_space [400gb], spins? [possibly], types [reiserfs]
Apr
21 14:56:50 usve77073 elasticsearch: [2016-04-21 14:56:50,053][INFO
][env ] [Deathurge] heap size [989.8mb], compressed
ordinary object pointers [true]
Apr 21 14:56:50 usve77073
elasticsearch: [2016-04-21 14:56:50,053][WARN ][env
] [Deathurge] max file descriptors [65535] for elasticsearch process
likely too low, consider increasing to at least [65536]
Apr 21 14:56:50 usve77073 elasticsearch: [2016-04-21 14:56:50,103][INFO ][com.floragunn.searchguard.ssl.SearchGuardKeyStore]
Open SSL not available (this is not an error, we simply fallback to
built-in JDK SSL) because of java.lang.ClassNotFoundException: org.apache.tomcat.jni.SSL
Apr 21 14:56:50 usve77073 elasticsearch: [2016-04-21 14:56:50,104][INFO ][com.floragunn.searchguard.ssl.SearchGuardKeyStore]
Config directory is /etc/elasticsearch/, from there the key- and
truststore files are resolved relatively
Apr 21 14:56:50 usve77073 elasticsearch: [2016-04-21 14:56:50,104][INFO ][com.floragunn.searchguard.ssl.SearchGuardKeyStore] Effective settings:
Apr 21 14:56:50 usve77073 elasticsearch: client.type=node
Apr 21 14:56:50 usve77073 elasticsearch:
cluster.name=elasticsearch
Apr 21 14:56:50 usve77073 elasticsearch: config.ignore_system_properties=true
Apr 21 14:56:50 usve77073 elasticsearch: name=Deathurge
Apr 21 14:56:50 usve77073 elasticsearch: path.conf=/etc/elasticsearch
Apr 21 14:56:50 usve77073 elasticsearch: path.data=/var/lib/elasticsearch
Apr 21 14:56:50 usve77073 elasticsearch: path.home=/usr/share/elasticsearch
Apr 21 14:56:50 usve77073 elasticsearch: path.logs=/var/log/elasticsearch
Apr 21 14:56:50 usve77073 elasticsearch: pidfile=/var/run/elasticsearch/elasticsearch.pid
Apr 21 14:56:50 usve77073 elasticsearch: searchguard.ssl.transport.enabled=true
Apr 21 14:56:50 usve77073 elasticsearch: searchguard.ssl.transport.keystore_filepath=/etc/elasticsearch/instore-keystore.jks
Apr 21 14:56:50 usve77073 elasticsearch: searchguard.ssl.transport.keystore_password=*********
Apr 21 14:56:50 usve77073 elasticsearch: searchguard.ssl.transport.keystore_type=JKS
Apr 21 14:56:50 usve77073 elasticsearch: searchguard.ssl.transport.truststore_filepath=/etc/elasticsearch/truststore.jks
Apr 21 14:56:50 usve77073 elasticsearch: searchguard.ssl.transport.truststore_password=*********
Apr 21 14:56:50 usve77073 elasticsearch: searchguard.ssl.transport.truststore_type=JKS
Apr 21 14:56:50 usve77073 elasticsearch: security.manager.enabled=false
Apr
21 14:56:50 usve77073 elasticsearch: Exception in thread "main"
ElasticsearchException[Cannot recover key]; nested:
UnrecoverableKeyException[Cannot recover key];
Apr 21 14:56:50 usve77073 elasticsearch: Likely root cause: java.security.UnrecoverableKeyException: Cannot recover key
Apr 21 14:56:50 usve77073 elasticsearch: at sun.security.provider.KeyProtector.recover(KeyProtector.java:328)
Apr 21 14:56:50 usve77073 elasticsearch: at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:146)
Apr 21 14:56:50 usve77073 elasticsearch: at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:56)
Apr 21 14:56:50 usve77073 elasticsearch: at sun.security.provider.KeyStoreDelegator.engineGetKey(KeyStoreDelegator.java:96)
Apr 21 14:56:50 usve77073 elasticsearch: at sun.security.provider.JavaKeyStore$DualFormatJKS.engineGetKey(JavaKeyStore.java:70)
Apr 21 14:56:50 usve77073 elasticsearch: at java.security.KeyStore.getKey(KeyStore.java:1023)
Apr 21 14:56:50 usve77073 elasticsearch: at com.floragunn.searchguard.ssl.util.SSLCertificateHelper.exportDecryptedKey(SSLCertificateHelper.java:84)
Apr 21 14:56:50 usve77073 elasticsearch: at com.floragunn.searchguard.ssl.SearchGuardKeyStore.initSSLConfig(SearchGuardKeyStore.java:192)
Apr 21 14:56:50 usve77073 elasticsearch: at com.floragunn.searchguard.ssl.SearchGuardKeyStore.<init>(SearchGuardKeyStore.java:132)
Apr 21 14:56:50 usve77073 elasticsearch: at com.floragunn.searchguard.ssl.SearchGuardSSLModule.<init>(SearchGuardSSLModule.java:29)
Apr 21 14:56:50 usve77073 elasticsearch: at com.floragunn.searchguard.ssl.SearchGuardSSLPlugin.nodeModules(SearchGuardSSLPlugin.java:113)
Apr 21 14:56:50 usve77073 elasticsearch: at org.elasticsearch.plugins.PluginsService.nodeModules(PluginsService.java:263)
Apr 21 14:56:50 usve77073 elasticsearch: at org.elasticsearch.node.Node.<init>(Node.java:179)
Apr 21 14:56:50 usve77073 elasticsearch: at org.elasticsearch.node.Node.<init>(Node.java:140)
Apr 21 14:56:50 usve77073 elasticsearch: at org.elasticsearch.node.NodeBuilder.build(NodeBuilder.java:143)
Apr 21 14:56:50 usve77073 elasticsearch: at org.elasticsearch.bootstrap.Bootstrap.setup(Bootstrap.java:178)
Apr 21 14:56:50 usve77073 elasticsearch: at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:270)
Apr 21 14:56:50 usve77073 elasticsearch: at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:35)
Apr 21 14:56:50 usve77073 elasticsearch: Refer to the log for complete error details.
NOTE: The passwords are in text. i changed for *** in post.