当我尝试使用以下命令重置弹性搜索密码时(在弹性搜索的 bin 目录中)。
elasticsearch-reset-password -u elastic -i
它抛出以下错误。
warning: ignoring JAVA_HOME=C:\Program Files\Eclipse Adoptium\jdk-17.0.2.8-hotspot\; using bundled JDK
02:00:13.407 [main] WARN org.elasticsearch.common.ssl.DiagnosticTrustManager - failed to establish trust with server at [172.29.208.1]; the server provided a certificate with subject name [CN=KRISHNA], fingerprint [ef47a4306ed5c7bdc8db75ab0386e7519e2c0d8b], no keyUsage and no extendedKeyUsage; the session uses cipher suite [TLS_AES_256_GCM_SHA384] and protocol [TLSv1.3]; the certificate has subject alternative names [IP:fe80:0:0:0:a4b3:95fe:147:c957,DNS:KRISHNA,IP:fe80:0:0:0:9cea:564f:faff:5474,IP:fe80:0:0:0:2842:9d64:6174:b4ab,IP:192.168.56.1,DNS:localhost,IP:192.168.74.1,IP:192.168.59.1,IP:fe80:0:0:0:bd4d:ac80:922d:4faf,IP:127.0.0.1,IP:0:0:0:0:0:0:0:1,IP:192.168.164.1,IP:192.168.1.2,IP:fe80:0:0:0:d859:bf5d:cd56:c037]; the certificate is issued by [CN=Elasticsearch security auto-configuration HTTP CA]; the certificate is signed by (subject [CN=Elasticsearch security auto-configuration HTTP CA] fingerprint [98a5caaf20af2d714b510c2a32e508dbd5504541] {trusted issuer}) which is self-issued; the [CN=Elasticsearch security auto-configuration HTTP CA] certificate is trusted in this ssl context ([xpack.security.http.ssl (with trust configuration: Composite-Trust{JDK-trusted-certs,StoreTrustConfig{path=certs/http.p12, password=<non-empty>, type=PKCS12, algorithm=PKIX}})])
java.security.cert.CertificateException: No subject alternative names matching IP address 172.29.208.1 found
at sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:165) ~[?:?]
at sun.security.util.HostnameChecker.match(HostnameChecker.java:101) ~[?:?]
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:452) ~[?:?]
at sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:426) ~[?:?]
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:238) ~[?:?]
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132) ~[?:?]
at org.elasticsearch.common.ssl.DiagnosticTrustManager.checkServerTrusted(DiagnosticTrustManager.java:82) ~[elasticsearch-ssl-config-8.1.2.jar:8.1.2]
at sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1341) ~[?:?]
at sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[?:?]
at sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[?:?]
at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[?:?]
at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[?:?]
at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:458) ~[?:?]
at sun.security.ssl.TransportContext.dispatch(TransportContext.java:201) ~[?:?]
at sun.security.ssl.SSLTransport.decode(SSLTransport.java:172) ~[?:?]
at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1500) ~[?:?]
at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1415) ~[?:?]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:450) ~[?:?]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:421) ~[?:?]
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:580) ~[?:?]
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:183) ~[?:?]
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:142) ~[?:?]
at org.elasticsearch.xpack.core.common.socket.SocketAccess.lambda$doPrivileged$0(SocketAccess.java:42) ~[x-pack-core-8.1.2.jar:8.1.2]
at java.security.AccessController.doPrivileged(AccessController.java:569) [?:?]
at org.elasticsearch.xpack.core.common.socket.SocketAccess.doPrivileged(SocketAccess.java:41) [x-pack-core-8.1.2.jar:8.1.2]
at org.elasticsearch.xpack.core.security.CommandLineHttpClient.execute(CommandLineHttpClient.java:178) [x-pack-core-8.1.2.jar:8.1.2]
at org.elasticsearch.xpack.core.security.CommandLineHttpClient.execute(CommandLineHttpClient.java:112) [x-pack-core-8.1.2.jar:8.1.2]
at org.elasticsearch.xpack.security.tool.BaseRunAsSuperuserCommand.checkClusterHealthWithRetries(BaseRunAsSuperuserCommand.java:213) [x-pack-security-8.1.2.jar:8.1.2]
at org.elasticsearch.xpack.security.tool.BaseRunAsSuperuserCommand.execute(BaseRunAsSuperuserCommand.java:126) [x-pack-security-8.1.2.jar:8.1.2]
at org.elasticsearch.common.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:81) [elasticsearch-8.1.2.jar:8.1.2]
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:112) [elasticsearch-cli-8.1.2.jar:8.1.2]
at org.elasticsearch.cli.Command.main(Command.java:77) [elasticsearch-cli-8.1.2.jar:8.1.2]
at org.elasticsearch.xpack.security.authc.esnative.tool.ResetPasswordTool.main(ResetPasswordTool.java:50) [x-pack-security-8.1.2.jar:8.1.2]
ERROR: Failed to determine the health of the cluster.
如果是 https,我们可以使用
--url
选项重置密码,如下所示。
elasticsearch-reset-password -u elastic -i --url https://localhost:9200
来源:https://www.elastic.co/guide/en/elasticsearch/reference/current/trb-security-setup.html