Hi Team,
I am getting some errors while renewing the p12 certs.
I followed the below steps:
Ste: 1 cd /usr/share/Elasticsearch
Step 2: ./bin/Elasticsearch-certutil ca
Step 3: ./bin/Elasticsearch-certutil cert --ca elastic-stack-ca.p12
Elasticsearch]# openssl pkcs12 -in elastic-certificates.p12 -out certificate.pem -nodes
Enter Import Password:
MAC verified OK
[ Elasticsearch]# cat certificate.pem | openssl x509 -noout -enddate
notAfter=Oct 20 20:32:49 2024 GMT
everything seems ok here with validity, and I created one of the node and did scp into all nodes.
once I placed the new certs in /etc/Elasticsearch/elastic-stack-ca.p12 & elastic-certificates.p12
Elasticsearch is throwing the error with commend
GET /_xpack/ssl/certificates
{
"error": {
"root_cause": [
{
"type": "i_o_exception",
"reason": "keystore password was incorrect"
}
],
"type": "i_o_exception",
"reason": "keystore password was incorrect",
"caused_by": {
"type": "unrecoverable_key_exception",
"reason": "failed to decrypt safe contents entry: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption."
}
},
"status": 500
}
It's a high priority, can someone help me as quickly as possible, please?