看,灰机...

Password verification failed

Elasticsearch | 作者 吴先森 | 发布于2017年08月21日 | 阅读数:12388

在本地集群调用java api都是可以的, 方法服务器上跑就抛异常了,jdk8,openssl 1.0.2l ,es 2.4.6 # # --------------------------------- search-guard和search-guard-ssl的配置项 ----------------------------------

# 配置认证方式

searchguard.authentication.authentication_backend.impl: com.floragunn.searchguard.authentication.backend.simple.SettingsBasedAuthenticationBackend
searchguard.authentication.authorizer.impl: com.floragunn.searchguard.authorization.simple.SettingsBasedAuthorizator
searchguard.authentication.http_authenticator.impl: com.floragunn.searchguard.authentication.http.basic.HTTPBasicAuthenticator
searchguard.actionrequestfilter.names: ["none"]
searchguard.actionrequestfilter.none.allowed_actions:
searchguard.transport_auth.enabled: true
# marvel.agent.exporter.es.hosts: [ "http://admin:secret@localhost:6200"]
searchguard.authentication.authorization.settingsdb.roles.admin: ["root"]
searchguard.authentication.settingsdb.user.admin: secret
security.manager.enabled: false
searchguard.audit.type: internal_elasticsearch

##### 管理员账号配置

searchguard.authcz.admin_dn:

- "CN=admin, OU=client, O=Nn, L=Hz, C=DE"

# Enable or disable node-to-node ssl encryption (default: true)
searchguard.ssl.transport.enabled: true
searchguard.ssl.transport.keystore_type: JKS
###只使用http basic auth 未强制使用ssl

searchguard.ssl.http.enabled: true
searchguard.ssl.http.keystore_filepath: node-0-keystore.jks
searchguard.ssl.http.keystore_password: aisino
searchguard.ssl.http.truststore_filepath: truststore.jks
searchguard.ssl.http.truststore_password: aisino
searchguard.ssl.http.enabled_protocols:

  - "TLSv1"
  - "TLSv1.1"
  - "TLSv1.2"

###节点下放的是node-*,这里就写哪个

searchguard.ssl.transport.keystore_filepath: node-0-keystore.jks
searchguard.ssl.transport.keystore_password: aisino
searchguard.ssl.transport.truststore_type: JKS
searchguard.ssl.transport.truststore_filepath: truststore.jks
searchguard.ssl.transport.truststore_password: aisino
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.transport.resolve_hostname: false
searchguard.ssl.transport.enable_openssl_if_available: false
searchguard.ssl.transport.enabled_protocols:

    - "TLSv1"
    - "TLSv1.1"
    - "TLSv1.2"
 
org.springframework.context.support.ClassPathXmlApplicationContext - Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'elasticsearchGuardManage': Invocation of init method failed; nested exception is ElasticsearchSecurityException[Error while initializing transport SSL layer: java.io.IOException: Keystore was tampered with, or password was incorrect]; nested: IOException[Keystore was tampered with, or password was incorrect]; nested: UnrecoverableKeyException[Password verification failed];

Exception in thread "main" java.lang.ExceptionInInitializerError

    at com.isoftpage.api.es.demo.main.ESDataMigrationMain.main(ESDataMigrationMain.java:46)

Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'elasticsearchGuardManage': Invocation of init method failed; nested exception is ElasticsearchSecurityException[Error while initializing transport SSL layer: java.io.IOException: Keystore was tampered with, or password was incorrect]; nested: IOException[Keystore was tampered with, or password was incorrect]; nested: UnrecoverableKeyException[Password verification failed];
    at org.springframework.beans.factory.annotation.InitDestroyAnnotationBeanPostProcessor.postProcessBeforeInitialization(InitDestroyAnnotationBeanPostProcessor.java:137)

    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyBeanPostProcessorsBeforeInitialization(AbstractAutowireCapableBeanFactory.java:409)

    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1620)

    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:555)

    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:483)

    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306)

    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)

    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302)

    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)

    at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:761)

    at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:867)

    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:543)

    at org.springframework.context.support.ClassPathXmlApplicationContext.<init>(ClassPathXmlApplicationContext.java:139)

    at org.springframework.context.support.ClassPathXmlApplicationContext.<init>(ClassPathXmlApplicationContext.java:83)

    at com.isoftpage.api.core.context.SpringContextLoader.<clinit>(SpringContextLoader.java:15)

    ... 1 more

Caused by: ElasticsearchSecurityException[Error while initializing transport SSL layer: java.io.IOException: Keystore was tampered with, or password was incorrect]; nested: IOException[Keystore was tampered with, or password was incorrect]; nested: UnrecoverableKeyException[Password verification failed];

    at com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.initSSLConfig(DefaultSearchGuardKeyStore.java:254)

    at com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.<init>(DefaultSearchGuardKeyStore.java:147)

    at com.floragunn.searchguard.ssl.SearchGuardSSLModule.<init>(SearchGuardSSLModule.java:40)

    at com.floragunn.searchguard.ssl.SearchGuardSSLPlugin.nodeModules(SearchGuardSSLPlugin.java:128)

    at org.elasticsearch.plugins.PluginsService.nodeModules(PluginsService.java:263)

    at org.elasticsearch.client.transport.TransportClient$Builder.build(TransportClient.java:141)

    at com.isoftpage.api.es.demo.common.ElasticsearchGuardManage.init(ElasticsearchGuardManage.java:68)

    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

    at java.lang.reflect.Method.invoke(Method.java:498)

    at org.springframework.beans.factory.annotation.InitDestroyAnnotationBeanPostProcessor$LifecycleElement.invoke(InitDestroyAnnotationBeanPostProcessor.java:366)

    at org.springframework.beans.factory.annotation.InitDestroyAnnotationBeanPostProcessor$LifecycleMetadata.invokeInitMethods(InitDestroyAnnotationBeanPostProcessor.java:311)

    at org.springframework.beans.factory.annotation.InitDestroyAnnotationBeanPostProcessor.postProcessBeforeInitialization(InitDestroyAnnotationBeanPostProcessor.java:134)

    ... 15 more

Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect

    at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:780)

    at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56)

    at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)

    at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70)

    at java.security.KeyStore.load(KeyStore.java:1445)

    at com.floragunn.searchguard.ssl.DefaultSearchGuardKeyStore.initSSLConfig(DefaultSearchGuardKeyStore.java:217)

    ... 28 more

Caused by: java.security.UnrecoverableKeyException: Password verification failed

    at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:778)

    ... 33 more
已邀请:

要回复问题请先登录注册