How to get truststore Credentials?

Rajeev_Bhat · April 23, 2020, 8:46am

Hello,
I wanted to replicate contents of my local couchbase bucket to an ElasticSearch index in elastic cloud. As it is “https”, I got to know I have to configure truststore part in config.toml file. But I couldn’t find out how to get the trust store credentials for elastic cloud. If anyone know how to get the SSL key from elastic cloud please help me out.

Thanks,
Rajeev

david.nault · April 23, 2020, 2:40pm

Hi Rajeev,

The Elasticsearch Cloud documentation has a page called Manage security certificates with a section called Get existing ECE security certificates. I think that might be what you’re looking for.

Thanks,
David

Rajeev_Bhat · April 23, 2020, 5:17pm

Thanks @david.nault . I got the security keys. But what do I do next? what should be the path/to/truststore and password for truststore?
Thanks,
Rajeev

david.nault · April 23, 2020, 5:29pm

Next you use the Java keytool command to add the certificate to a new or existing keystore file, and configure the connector to use that file as a trust store.

See the Secure Connections page of the connector documentation for details.

Thanks,
David

Rajeev_Bhat · April 24, 2020, 2:35am

Thank you , It really helped.
Rajeev

Rajeev_Bhat · April 24, 2020, 4:44am

Hello again,
I followed this and got certificate. but when running keytool , I am getting “keytool error: java.lang.Exception: Input not an X.509 certificate”.

Do I need to download X.509 certificate? There is no explanation here about how to download this. Sorry for bothering again.

Thanks,
Rajeev

david.nault · April 24, 2020, 5:37am

Googling “Input not an X.509 certificate” turned up this:

Rajeev_Bhat · April 24, 2020, 6:48am

Getting this error when run the connector.

06:37:13.133 [main] INFO  c.c.c.e.ElasticsearchConnector - Read configuration: ConnectorConfig{couchbase=CouchbaseConfig{hosts=[blrrndXXXXx01.net:8091], network=NetworkResolution{name='auto'}, username=devpdu, bucket=travel-sample, metadataBucket=meta, secureConnection=false, dcp=DcpConfig{compression=ENABLED, persistencePollingInterval=100ms, flowControlBuffer=128mb}}, elasticsearch=ElasticsearchConfig{hosts=[https://2d24deXXXX4d7999e64ffaa474d2aa.ap-southeast-1.aws.found.io:9243], username=elastic, secureConnection=true, bulkRequest=BulkRequestConfig{maxActions=1000, maxBytes=10mb, concurrentRequests=2, timeout=1m}, docStructure=DocStructureConfig{documentContentAtTopLevel=true, wrapCounters=false}, types=[TypeConfig{type=_doc, ignore=true, ignoreDeletes=false, matcher=prefix='_sync:'}, TypeConfig{index=test2, type=_doc, ignore=false, ignoreDeletes=false, matcher=prefix=''}, TypeConfig{index=test2, type=_doc, ignore=false, ignoreDeletes=false, matcher=prefix=''}], rejectLog=RejectLogConfig{index=cbes-rejects, typeName=_doc}, aws=AwsConfig{region=}}, metrics=MetricsConfig{logInterval=1m, httpPort=31415}, group=GroupConfig{name=example-group, staticMembership=1/1}, trustStore=TrustStoreConfig{path=config/truststore.jks}}
06:37:13.187 [main] INFO  c.c.c.e.ElasticsearchHelper - Elasticsearch client connect timeout = 5000ms; socket timeout=63000ms
06:37:13.481 [main] INFO  c.c.c.u.HttpServer - HTTP server listening at http://localhost:31415
06:37:13.481 [main] INFO  c.c.c.e.ElasticsearchConnector - Metrics available at http://localhost:31415/metrics?pretty
06:37:19.030 [main] WARN  c.c.c.e.ElasticsearchHelper - Failed to connect to Elasticsearch. Retrying in 2s
java.net.ConnectException: null
        at org.elasticsearch.client.RestClient$SyncResponseListener.get(RestClient.java:959) ~[elasticsearch-rest-client-6.7.1.jar:6.7.1]
        at org.elasticsearch.client.RestClient.performRequest(RestClient.java:233) ~[elasticsearch-rest-client-6.7.1.jar:6.7.1]
        at org.elasticsearch.client.RestHighLevelClient.internalPerformRequest(RestHighLevelClient.java:1764) ~[elasticsearch-rest-high-level-client-6.7.1.jar:6.7.1]
        at org.elasticsearch.client.RestHighLevelClient.performRequest(RestHighLevelClient.java:1734) ~[elasticsearch-rest-high-level-client-6.7.1.jar:6.7.1]
        at org.elasticsearch.client.RestHighLevelClient.performRequest(RestHighLevelClient.java:1717) ~[elasticsearch-rest-high-level-client-6.7.1.jar:6.7.1]
        at org.elasticsearch.client.RestHighLevelClient.performRequestAndParseEntity(RestHighLevelClient.java:1683) ~[elasticsearch-rest-high-level-client-6.7.1.jar:6.7.1]
        at org.elasticsearch.client.RestHighLevelClient.info(RestHighLevelClient.java:724) ~[elasticsearch-rest-high-level-client-6.7.1.jar:6.7.1]
        at com.couchbase.connector.elasticsearch.ElasticsearchHelper.waitForElasticsearchAndRequireVersion(ElasticsearchHelper.java:120) [couchbase-elasticsearch-connector-4.2.1.jar:?]
        at com.couchbase.connector.elasticsearch.ElasticsearchConnector.run(ElasticsearchConnector.java:137) [couchbase-elasticsearch-connector-4.2.1.jar:?]
        at com.couchbase.connector.elasticsearch.ElasticsearchConnector.main(ElasticsearchConnector.java:104) [couchbase-elasticsearch-connector-4.2.1.jar:?]

I tried with removing ‘https://’ in elastic host name as well, getting same error for that.
Why everything is listening to localhost even though I specified particular host address?

david.nault · April 24, 2020, 4:34pm

Why everything is listening to localhost even though I specified particular host address?

The component listening on localhost is the embedded HTTP server that reports connector metrics.

Have you confirmed the Elasticsearch service is listening on port 9243?
Is that the full stack trace, or is there a “Caused by” section as well?

Rajeev_Bhat · April 24, 2020, 4:56pm

Yes I can make curl calls on that port
Caused by section: (Sorry! I missed this part earlier!)

Caused by: java.net.ConnectException
        at org.apache.http.nio.pool.RouteSpecificPool.timeout(RouteSpecificPool.java:168) ~[httpcore-nio-4.4.5.jar:4.4.5]
        at org.apache.http.nio.pool.AbstractNIOConnPool.requestTimeout(AbstractNIOConnPool.java:561) ~[httpcore-nio-4.4.5.jar:4.4.5]
        at org.apache.http.nio.pool.AbstractNIOConnPool$InternalSessionRequestCallback.timeout(AbstractNIOConnPool.java:822) ~[httpcore-nio-4.4.5.jar:4.4.5]
        at org.apache.http.impl.nio.reactor.SessionRequestImpl.timeout(SessionRequestImpl.java:183) ~[httpcore-nio-4.4.5.jar:4.4.5]
        at org.apache.http.impl.nio.reactor.DefaultConnectingIOReactor.processTimeouts(DefaultConnectingIOReactor.java:210) ~[httpcore-nio-4.4.5.jar:4.4.5]
        at org.apache.http.impl.nio.reactor.DefaultConnectingIOReactor.processEvents(DefaultConnectingIOReactor.java:155) ~[httpcore-nio-4.4.5.jar:4.4.5]
        at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor.execute(AbstractMultiworkerIOReactor.java:348) ~[httpcore-nio-4.4.5.jar:4.4.5]
        at org.apache.http.impl.nio.conn.PoolingNHttpClientConnectionManager.execute(PoolingNHttpClientConnectionManager.java:192) ~[httpasyncclient-4.1.2.jar:4.1.2]
        at org.apache.http.impl.nio.client.CloseableHttpAsyncClientBase$1.run(CloseableHttpAsyncClientBase.java:64) ~[httpasyncclient-4.1.2.jar:4.1.2]
        at java.lang.Thread.run(Thread.java:745) ~[?:1.8.0_65]