Cannot create an enrollment token to enrol a new elasticsearch node

adrian.cunnelly · July 24, 2024, 10:51am

I have an elasticsearch 8.14 cluster running with 5 nodes with security enabled using own generated certificates. Everything is running fine but I now need to add 2 ingest only nodes. I am trying to create the enrollment token with:

/usr/share/elasticsearch/bin/elasticsearch-create-enrollment-token -s node

But this is failing with:

ERROR: Unable to create an enrollment token. Elasticsearch node HTTP layer SSL configuration Keystore doesn't contain any PrivateKey entries where the associated certificate is a CA certificate, with exit code 73

Any ideas ?

adrian.cunnelly · July 24, 2024, 12:50pm

Panic over

I have resolved this, the http.p12 keystore didn't contain the private key for the CA. I have added the private key and can now generate enrollment tokens

Topic		Replies	Views
ERROR: Unable to create an enrollment token. Elasticsearch node HTTP layer SSL configuration Keystore doesn't contain any PrivateKey entries where the associated certificate is a CA certificateociated certificate is a CA certificate Elasticsearch elastic-stack-security	3	5260	August 30, 2022
Cannot generate enrollment token Elasticsearch elastic-stack-security	2	481	November 17, 2023
Creating an enrollment token in Elastic fails due to PrivateKey error Elasticsearch elastic-stack-security	5	2066	September 19, 2022
How to generate the enrollment-token for another node with ssl? Kibana elastic-stack-security	7	627	July 25, 2023
Unable to create an enrollment token for Kibana. "Elasticsearch node HTTP layer SSL configuration Keystore doesn't contain any PrivateKey entries where the associated certificate is a CA certificate" Elasticsearch elastic-stack-security	7	17910	April 8, 2022

Cannot create an enrollment token to enrol a new elasticsearch node

Related topics