[ERROR][c.a.o.s.s.DefaultOpenDistroSecurityKeyStore] [example.com] Your keystore or PEM does not contain a key. If you specified a key password, try removing it. If you did not specify a key password, perhaps you need to if the key is in fact password-protected. Maybe you just confused keys and certificates.
Given a machine certificate example.pfx I can extract the key and certificate into two separate files example-certificate.pem example-certificate-key.pem using the below commands from Converting pfx to pem using openssl
Extracts the private key form a PFX to a PEM file:
I keep hitting the same error, is there a way I can confirm my pem files are correct or not to narrow down if the error is caused by Elasticsearch, the pem conversion, the pfx files I recieve, or something else?
Elasticsearch does not require pkcs8 format for a private key. The initial error is most likely because you didn't specify the password for the password protected key file (as suggested by the error message). In fact, Both example-certifate-key.pem and the later example-certificate-key-pkcs8.pem files should be of pkcs8 format. Just the later is not password protected because you explicilty specified -nocrypt.
The error message shows that you are using OpenDistro for Elasticsearch. It's a different product from the actual Elasticsearch, especially when it comes to security. Therefore, it is possible that it may behave different or doesn't support the same things that we support.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.