全部报错:
ElasticsearchSecurityException[failed to load SSL configuration [xpack.security.transport.ssl]]; nested: ElasticsearchException[failed to create trust manager]; nested: ElasticsearchException[failed to initialize SSL TrustManager - access to read keystore file [/home/nc047262/elk/elastic/elasticsearch-7.17.0/elastic-stack-ca.p12] is blocked; SSL resources should be placed in the [/home/nc047262/elk/elastic/elasticsearch-7.17.0/config] directory]; nested: AccessControlException[access denied ("java.io.FilePermission" "/home/nc047262/elk/elastic/elasticsearch-7.17.0/elastic-stack-ca.p12" "read")]; Likely root cause: java.security.AccessControlException: access denied ("java.io.FilePermission" "/home/nc047262/elk/elastic/elasticsearch-7.17.0/elastic-stack-ca.p12" "read")
一共三个原因,本人全部踩坑:
1、必须赋予生成的证书 elastic-stack-ca.p12 777权限(把路径改成你自己的)
chmod 777 /home/elk/elastic/elasticsearch-7.17.0/elastic-stack-ca.p12
2、建议把此文件 elastic-stack-ca.p12 放置到config文件下,否则java可能会有权限问题。
3、最多的问题就是这个,生成elastic-stack-ca.p12时候,让你输入证书名没问题,但是让输入密码时候,千万千万不要输入任何东西,直接回车就可以了,这样后续在运行elasticsearch就不会有任何报错了。
如果你已经输入了,并且制作elastic-stack-ca.p12,可以再次运行命令:
bin/elasticsearch-certutil ca
请注意,再次输入证书名请更换为elastic-stack-ca.p13,相对的elasticsearch.yml文件的证书名配置也修改为elastic-stack-ca.p13,完美解决!!!