Cannot create an enrollment token to enrol a new elasticsearch node

I have an elasticsearch 8.14 cluster running with 5 nodes with security enabled using own generated certificates. Everything is running fine but I now need to add 2 ingest only nodes. I am trying to create the enrollment token with:

/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node

But this is failing with:

ERROR: Unable to create an enrollment token. Elasticsearch node HTTP layer SSL configuration Keystore doesn't contain any PrivateKey entries where the associated certificate is a CA certificate, with exit code 73

Any ideas ?

Panic over :slight_smile:

I have resolved this, the http.p12 keystore didn't contain the private key for the CA. I have added the private key and can now generate enrollment tokens

2 Likes