之前做ES鉴权遇到的问题,忘了记录,回过头来记录一下
环境openjdk1.8
ES鉴权生成CA证书报错
执行 ./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
命令报错
Please enter the desired output file [elastic-stack-ca.p12]: Enter password for elastic-stack-ca.p12 : Exception in thread "main" java.security.KeyStoreException: Key protection algorithm not found: java.security.UnrecoverableKeyException: Encrypt Private Key failed: unrecognized algorithm name: PBEWithSHA1AndDESede at sun.security.pkcs12.PKCS12KeyStore.setKeyEntry(PKCS12KeyStore.java:677) at sun.security.pkcs12.PKCS12KeyStore.engineSetKeyEntry(PKCS12KeyStore.java:577) at java.security.KeyStore.setKeyEntry(KeyStore.java:1140) at org.elasticsearch.xpack.security.cli.CertificateTool$CertificateCommand.lambda$writePkcs12$5(CertificateTool.java:557) at org.elasticsearch.xpack.security.cli.CertificateTool.withPassword(CertificateTool.java:957) at org.elasticsearch.xpack.security.cli.CertificateTool.access$100(CertificateTool.java:86) at org.elasticsearch.xpack.security.cli.CertificateTool$CertificateCommand.writePkcs12(CertificateTool.java:555) at org.elasticsearch.xpack.security.cli.CertificateTool$CertificateAuthorityCommand.lambda$writeCertificateAuthority$1(CertificateTool.java:902) at org.elasticsearch.xpack.security.cli.CertificateTool.fullyWriteFile(CertificateTool.java:1020) at org.elasticsearch.xpack.security.cli.CertificateTool.access$500(CertificateTool.java:86) at org.elasticsearch.xpack.security.cli.CertificateTool$CertificateAuthorityCommand.writeCertificateAuthority(CertificateTool.java:901) at org.elasticsearch.xpack.security.cli.CertificateTool$CertificateAuthorityCommand.execute(CertificateTool.java:892) at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:75) at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:116) at org.elasticsearch.cli.MultiCommand.execute(MultiCommand.java:80) at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:116) at org.elasticsearch.cli.Command.main(Command.java:79) at org.elasticsearch.xpack.security.cli.CertificateTool.main(CertificateTool.java:138) Caused by: java.security.UnrecoverableKeyException: Encrypt Private Key failed: unrecognized algorithm name: PBEWithSHA1AndDESede at sun.security.pkcs12.PKCS12KeyStore.encryptPrivateKey(PKCS12KeyStore.java:921) at sun.security.pkcs12.PKCS12KeyStore.setKeyEntry(PKCS12KeyStore.java:614) ... 17 more Caused by: java.security.NoSuchAlgorithmException: unrecognized algorithm name: PBEWithSHA1AndDESede at sun.security.x509.AlgorithmId.get(AlgorithmId.java:448) at sun.security.pkcs12.PKCS12KeyStore.mapPBEAlgorithmToOID(PKCS12KeyStore.java:938) at sun.security.pkcs12.PKCS12KeyStore.encryptPrivateKey(PKCS12KeyStore.java:895) ... 18 more
原因
openjdk1.8.0不支持PBEWithSHA1AndDESede
解决
修改jdk版本为jdk1.8.0_131