search-guard ,并且使用 sgtlstool.sh 生成过证书,遇到一个报错
Elasticsearch | 作者 qiumingben | 发布于2019年01月16日 | 阅读数:2527
使用下面的命令去生成证书,并且生成之前已经创建了tlsconfig.yml,复制进去了网上教程里的内容
./sgtlstool.sh -c ../config/tlsconfig.yml -ca -crt
截图上传不上来,先把报错贴上来:
No client certificate was elected as admin certificate. If no admin certificate is present, the ES cluster cannot be used. Please specify admin: true for at least one client certificate. In order to generate the certificates anyway, specify the -f flag.
报错提示,要设置一个 admin: true的配置,检查了tlsconfig.yml文件,的确是配置了:
clients:
- name: ppb
dn:CN=ppb.corleone.com,OU=Ops,O=corleone Com\, Inc.,DC=corleone,DC=com
- name: backend
dn:CN=backend.corleone.com,OU=Ops,O=corleone Com\, Inc.,DC=corleone,DC=com
admin: true
在命令后面加上了 -f:
./sgtlstool.sh -c ../config/tlsconfig.yml -ca -crt -f
现在是下面的报错,看起来还是配置文件有问题
Root certificate has been sucessfully created.
The passwords of the private key files have been auto generated. You can find the passwords in root-ca.readme.
No DN specified for node certificate
No files have been written
./sgtlstool.sh -c ../config/tlsconfig.yml -ca -crt
截图上传不上来,先把报错贴上来:
No client certificate was elected as admin certificate. If no admin certificate is present, the ES cluster cannot be used. Please specify admin: true for at least one client certificate. In order to generate the certificates anyway, specify the -f flag.
报错提示,要设置一个 admin: true的配置,检查了tlsconfig.yml文件,的确是配置了:
clients:
- name: ppb
dn:CN=ppb.corleone.com,OU=Ops,O=corleone Com\, Inc.,DC=corleone,DC=com
- name: backend
dn:CN=backend.corleone.com,OU=Ops,O=corleone Com\, Inc.,DC=corleone,DC=com
admin: true
在命令后面加上了 -f:
./sgtlstool.sh -c ../config/tlsconfig.yml -ca -crt -f
现在是下面的报错,看起来还是配置文件有问题
Root certificate has been sucessfully created.
The passwords of the private key files have been auto generated. You can find the passwords in root-ca.readme.
No DN specified for node certificate
No files have been written
1 个回复
Leeeo - 90后IT男
赞同来自: