How to Fix elasticsearch key error when installing inConcert OCC

What These Errors Mean

You have two separate issues:

1. Warning (Microsoft repo) — non-critical

W: Key is stored in legacy trusted.gpg keyring

The Microsoft repo's GPG key was added using the old apt-key method, which is deprecated but still works. It's just a warning.

2. Error (Elastic repo) — critical, blocks installation

NO_PUBKEY D27D666CD88E42B4
E: The repository is not signed.

The Elastic repository's GPG public key is missing from your system, so apt refuses to trust it and won't install packages from it.

How to Fix

Fix 1 — Elastic repo (the actual error)

Re-add the Elastic GPG key using the modern method:

# Download and install the Elastic GPG key properly
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch \
  | sudo gpg --dearmor \
  | sudo tee /usr/share/keyrings/elasticsearch-keyring.gpg > /dev/null

Then update your Elastic repo source file to reference that key:

echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] \
  https://artifacts.elastic.co/packages/8.x/apt stable main" \
  | sudo tee /etc/apt/sources.list.d/elastic-8.x.list

Then run:

sudo apt update

Fix 2 — Microsoft repo (optional, cleans up the warning)

Migrate the Microsoft key from the legacy keyring to the modern location:

# Export the Microsoft key from the old keyring
sudo apt-key export BC528686B50D79E339D3721CEB3E94ADBE1229CF \
  | sudo gpg --dearmor \
  | sudo tee /usr/share/keyrings/microsoft.gpg > /dev/null

# Update the Microsoft repo source to use the new key
sudo sed -i 's|deb \[arch|deb [signed-by=/usr/share/keyrings/microsoft.gpg arch|' \
  /etc/apt/sources.list.d/microsoft-prod.list

Note: The exact key fingerprint and .list filename may differ on your machine. Run sudo apt-key list to find the correct fingerprint for the Microsoft key.

Summary

The Elastic fix is the one you must do — the Microsoft one is just cleanup.