New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Search guard not intialised #223

Closed
rajat007 opened this Issue Oct 19, 2016 · 1 comment

Comments

Projects
None yet
2 participants
@rajat007

rajat007 commented Oct 19, 2016

I am trying to use search guard for the purpose of securing the Elastic search node i had installed the search guard and search guard ssl also and git clone search guard in which the example-pki scripts are there from which i had generated the certificates after that i had made the changes to elasticsearch.yml file
searchguard.ssl.transport.keystore_filepath: node-0-keystore.jks
searchguard.ssl.transport.keystore_password: changeit
searchguard.ssl.transport.truststore_filepath: truststore.jks
searchguard.ssl.transport.truststore_password: changeit
searchguard.ssl.transport.enforce_hostname_verification: false
transport.profiles.default.port: 9300-9400
security.manager.enabled: false
searchguard.authcz.admin_dn:

  • "CN=kirk,OU=client,O=client,L=test, C=DE"

then i am running sgadmin file getting the error that Cannot retrieve cluster state due to None of the configured nodes are available

and in log files i am getting the error

[2016-10-19 18:08:32,863][ERROR][com.floragunn.searchguard.auth.BackendRegistry] Not yet initialized
[2016-10-19 18:15:50,454][ERROR][com.floragunn.searchguard.auth.BackendRegistry] Not yet initialized
[2016-10-19 18:20:11,294][ERROR][com.floragunn.searchguard.ssl.transport.SearchGuardSSLNettyTransport] [J2] SSL Problem null cert chain
javax.net.ssl.SSLHandshakeException: null cert chain
at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1431)
at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535)
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:813)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1219)
at org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:852)
at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:425)
at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:303)
at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)
at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:559)
at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268)
at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255)
at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88)
at org.jboss.netty.channel.socket.nio.AbstractNioWorker.process(AbstractNioWorker.java:108)
at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(AbstractNioSelector.java:337)
at org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:89)
at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178)
at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108)
at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:42)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLHandshakeException: null cert chain
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1666)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:304)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:292)
at sun.security.ssl.ServerHandshaker.clientCertificate(ServerHandshaker.java:1865)
at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:230)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:919)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:916)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1369)
at org.jboss.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1393)
at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1256)
... 18 more
[2016-10-19 18:58:48,946][ERROR][com.floragunn.searchguard.auth.BackendRegistry] Not yet initialized

@floragunncom

This comment has been minimized.

Show comment
Hide comment
@floragunncom

floragunncom Oct 19, 2016

Owner

Pls. ask question on how to setup Search Guard here https://groups.google.com/forum/#!forum/search-guard . There are already similar question matching "null cert chain". Maybe they can help you to solve your problem.

If you like to report a bug pls. provide all of this informations:

Github is a place only for reporting bugs or feature requests.
If you report a bug please include always the following informations:
* Search Guard and Elasticsearch version
* JVM version and operating system version
* Number of nodes in your cluster
* Description of the bug
These informations are optional but are very valueable and
typically would lead to get bugs fixed faster:
* Steps to reproduce
* Logfiles on DEBUG level
Owner

floragunncom commented Oct 19, 2016

Pls. ask question on how to setup Search Guard here https://groups.google.com/forum/#!forum/search-guard . There are already similar question matching "null cert chain". Maybe they can help you to solve your problem.

If you like to report a bug pls. provide all of this informations:

Github is a place only for reporting bugs or feature requests.
If you report a bug please include always the following informations:
* Search Guard and Elasticsearch version
* JVM version and operating system version
* Number of nodes in your cluster
* Description of the bug
These informations are optional but are very valueable and
typically would lead to get bugs fixed faster:
* Steps to reproduce
* Logfiles on DEBUG level
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment