ElasticSeach SSL Signed overrun error

a09hopper · December 28, 2021, 9:45pm

Searching around I have not seen anyone run into this error.

I am using Elasticsearch 7.16.2 with a Windows CA, I request a CSR and then sign it with the Windows web enrolment under the web server setting, the following error follows:

[2021-12-28T21:40:35,360][ERROR][o.e.b.ElasticsearchUncaughtExceptionHandler] [node-1] uncaught exception in thread [main]
org.elasticsearch.bootstrap.StartupException: ElasticsearchSecurityException[failed to load SSL configuration [xpack.security.transport.ssl]]; nested: ElasticsearchException[failed to create trust manager]; nested: ElasticsearchException[failed to initialize a TrustManagerFactory]; nested: CertificateParsingException[signed overrun, bytes = 917];
        at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:170) ~[elasticsearch-7.16.2.jar:7.16.2]
        at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:157) ~[elasticsearch-7.16.2.jar:7.16.2]
        at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:77) ~[elasticsearch-7.16.2.jar:7.16.2]
        at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:112) ~[elasticsearch-cli-7.16.2.jar:7.16.2]
        at org.elasticsearch.cli.Command.main(Command.java:77) ~[elasticsearch-cli-7.16.2.jar:7.16.2]
        at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:122) ~[elasticsearch-7.16.2.jar:7.16.2]
        at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:80) ~[elasticsearch-7.16.2.jar:7.16.2]
Caused by: org.elasticsearch.ElasticsearchSecurityException: failed to load SSL configuration [xpack.security.transport.ssl]

Elasticsearch.yml config

node.name: node-1
network.host: ['192.168.1.210','elastic.lab.local']
cluster.initial_master_nodes: ["node-1"]
# Transport layer
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.key: C:\\Users\\Administrator\\Desktop\\elasticsearch-7.16.2\\config\\certs\\elastic.cer
xpack.security.transport.ssl.certificate: C:\\Users\\Administrator\\Desktop\\elasticsearch-7.16.2\\config\\certs\\elastic.key


# HTTP layer
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.verification_mode: certificate
xpack.security.http.ssl.key: C:\\Users\\Administrator\\Desktop\\elasticsearch-7.16.2\\config\\certs\\elastic.cer
xpack.security.http.ssl.certificate: C:\\Users\\Administrator\\Desktop\\elasticsearch-7.16.2\\config\\certs\\elastic.key

Any help would be appreciated

TimV · December 28, 2021, 10:29pm

You've got your certificate and key files switched

a09hopper:

...transport.ssl.key: ... certs\\elastic.cer
...transport.ssl.certificate: ... certs\\elastic.key
...http.ssl.key: ... certs\\elastic.cer
...http.ssl.certificate: ... certs\\elastic.key

a09hopper · December 28, 2021, 10:39pm

That will be why I could not find other people having this issue Many thanks for pointing this out! That sorted the issue

system · January 25, 2022, 10:40pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.