TLS troubleshooting

Setting the log level to debug

For troubleshooting any problem with Search Guard, it is recommended to set the log level to at least debug.

Add the following lines in config/log4j2.properties and restart your node:

= com.floragunn

This will already print out a lot of helpful information in your log file. If this information is not sufficient, you can also set the log level to trace.

The Elasticsearch configuration is in yaml format, and so is the Search Guard configuration. Yaml relies on correct indentation levels, and it is easy to overlook an incorrectly indented entry.

A quick way of checking the validity of any yml file is to use the Yaml Lint web service. Just copy and paste the content of your yaml file there and check for any errors.

Note: You can of course also use it to validate any other Search Guard configuration file.

Viewing the contents of your Key- and Truststore

In order to view information about the certificates stored in your keystore or truststore, use the keytool command like:

keytool -list -v -keystore keystore.jks

The keytool will prompt for the password of the keystore and list all entries with detailed information. For example you can use this output to check for the correctness of the SAN and EKU settings.

If you would rather work with a GUI, we recommend KeyStore Explorer:

KeyStore Explorer is an open source GUI replacement for the Java command-line utilities keytool and jarsigner. KeyStore Explorer presents their functionality, and more, via an intuitive graphical user interface.

You can use it to examine the contents of locally stored files, but you can also retrieve and inspect certificates from a server (or Elasticsearch cluster) directly.

Checking the main attributes of a certificate

The main attributes of an entry in the keystore look like:

Alias name: node-0
Signing CA, O=Example Com Inc., DC=example, DC=com

Type of the entry, either PrivateKeyEntry, SecretKeyEntry or trustedCertEntry
DN of the issuer / signer of the certificate

If you have multiple entries in the keystore and you are using aliases to refer to them, make sure that the configured alias in elasticsearch.yml matches the alias name in the keystore.
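The alias, entry type, SAN and EKU checks described on this page can be scripted over saved `keytool -list -v` output. The following is an added example, not code from the Search Guard documentation: the sample output, the function names, the hostname and the assumption that a node certificate needs both serverAuth and clientAuth are constructed for illustration.

```python
import re

# Constructed, trimmed `keytool -list -v` output (not from a real keystore).
SAMPLE = """\
Alias name: node-0
Entry type: PrivateKeyEntry
Certificate[1]:
Owner: CN=node-0.example.com, OU=SSL, O=Test, C=DE
Issuer: CN=Test Signing CA, O=Example Com Inc., DC=example, DC=com
ExtendedKeyUsages [
  serverAuth
  clientAuth
]
SubjectAlternativeName [
  DNSName: node-0.example.com
]
Alias name: root-ca
Entry type: trustedCertEntry
"""

def _items(block, name):
    # Stripped lines inside a "Name [ ... ]" extension block, or [] if absent.
    m = re.search(name + r" \[\n(.*?)\n\]", block, re.S)
    return [line.strip() for line in m.group(1).splitlines()] if m else []

def parse_entries(text):
    # Map each alias to its entry type, issuer, EKU list and SAN list.
    entries = {}
    for block in re.split(r"(?m)^(?=Alias name: )", text)[1:]:
        alias = block.splitlines()[0].split(": ", 1)[1].strip()
        field = lambda k: (re.findall(rf"(?m)^{k}: (.+)$", block) or [None])[0]
        entries[alias] = {
            "type": field("Entry type"), "issuer": field("Issuer"),
            "eku": _items(block, "ExtendedKeyUsages"),
            "san": _items(block, "SubjectAlternativeName")}
    return entries

def check_alias(entries, alias, hostname, eku=("serverAuth", "clientAuth")):
    # Problems with the entry that the configured alias points at (assumed EKU set).
    entry = entries.get(alias)
    if entry is None:
        return [f"alias {alias!r} not in keystore, found {sorted(entries)}"]
    problems = []
    if entry["type"] != "PrivateKeyEntry":
        problems.append(f"{alias} is a {entry['type']}, not a PrivateKeyEntry")
    problems += [f"EKU lacks {u}" for u in eku if u not in entry["eku"]]
    if f"DNSName: {hostname}" not in entry["san"]:
        problems.append(f"SAN lacks DNSName {hostname}")
    return problems
```

Pass the alias value from your elasticsearch.yml as `alias`; an empty list means the entry passed every check.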