elasticsearch的SSL configuration错误

1、先说一下elasticsearch配置用户名密码访问的配置方法：

生成ssl的p12证书（要设置证书密码）：

bin/elasticsearch-certutil ca

bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12

2、创建用户密码（默认要为6个用户创建密码）：

bin/elasticsearch-setup-passwords interactive

3、elasticsearch.yml配置文件内容

#集群名字，目前是单节点

cluster.name: "test"

#节点名

node.name: "es_test"

#配置可进行数据交互的ip

network.host: 0.0.0.0

#允许http跨域访问，es_head插件必须开启

http.cors.enabled: true

http.cors.allow-origin: "*"

#数据存储路径

path.data: /usr/share/elasticsearch/data

#日志存储路径

path.logs: /usr/share/elasticsearch/logs

#不锁定jvm内存

bootstrap.memory_lock: false

#备份库

path.repo: ["/usr/share/elasticsearch/data/backup"]

#主节点

cluster.initial_master_nodes: ["es_test"]

#es_head连接时读取用户名密码

http.cors.allow-headers: Authorization,X-Requested-With,Content-Length,Content-Type

#开启密码认证

xpack.security.enabled: true

xpack.license.self_generated.type: basic

xpack.security.transport.ssl.enabled: true

xpack.security.transport.ssl.verification_mode: certificate

xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12

xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/certs/elastic-certificates.p12

4、报错：ElasticsearchSecurityException[failed to load SSL configuration [xpack.security.transport.ssl]]; nested: ElasticsearchException[failed to initialize SSL TrustManager - not permitted to read truststore file

5、解决方法：

配置elastic-certificates.p12的文件权限即可

chmod 777 elastic-certificates.p12