I am getting this error message when uploading my proxy certificate into ECE: Certificate chain was invalid [Invalid Entry: expected X.509 Certificate
As I don't have certificates, I am unable to log into Kibana and Elasticsearch.
I am using openssl to generate a self signed certificate which has multiple wildcard common names.
Created ssl.conf file with the default common name + alt names
When i run, openssl x509 -subject -issuer -noout -in /etc/ece/private.csr, I get the following:
unable to load certificate
140619479984016:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:707:Expecting: TRUSTED CERTIFICATE
Also, when I run, openssl x509 -noout -modulus -in /etc/ece/private.crt | openssl sha256 and openssl rsa -noout -modulus -in /etc/ece/private.key| openssl sha256, I get two different outputs - indicating a key mismatch.
I was wondering in the steps I did, where did I go wrong? I used the private key generated to create the subsequent certificates. If I were to create new certificates, will this override the old ones? How can I ensure when I generate the new certificates, it will be fine?
Your steps 2 and 3 are our steps 3 and 4, and then you sign the CSR with the key from your step 2 (not the CA cert from our steps 1/2)?
The alternative suggestion of using nginx or haproxy can also work well (since you need a load balancer anyway, so might as well use a tool that also is designed to handle the horrors of SSL certificate more robustly!)