Elasticsearch not starting with IOException error when using p12 files from outside CA


I successfully set up xpack basic security when I used self-signed certificates using Elasticsearch tools. When I had an internal authority create the p12 files for me following information from the Elasticsearch procedures I get this error when starting a node:

Failed to load SSL configuration [xpack.security.transport.ssl]; nested: ElasticsearchException[failed to initialize SSL TrustManager]; nested: IOException[toDerInputStream rejects tag type 80];

Could this be anything other than an issue with the p12 file?

What is the best way to have an outside CA create the p12 file for use in Elasticsearch nodes. Will possibly run into this issue when getting HTTP p12 files created as well.



It seems to me that your p12 file is invalid. Can you try to read it using a different tool such as openssl, e.g.:

openssl pkcs12 -info -nokeys -in YOUR_FILE

That seems to have been the issue. I'm hoping to get the proper p12 files soon.


This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.