I'm trying to change Elasticsearch SSL certificates but I'm getting some errors and it's not starting.
I would like to change the CA and certificate to one generated by me, which I use for testing, to learn how to change the certificate.
1 - I created a PEM type CA certificate with an encrypted key.
2 - I created a PEM type certificate with an encrypted key.
3 - I signed this certificate with the CA.
4 - The password used in encryption is linux123456 (for testing)
6 - I generated the keystore with the KeyStore Explorer app, using the same password "linux123456".
7 - I changed the password stored in xpack.security.http.ssl.keystore.secure_password to "linux123456"
8 - Replaces the original http.p12 file with my http.p12 keystore.
When I start Elasticsearch I get the following error:
systemd: Starting Elasticsearch... systemd-entrypoint: uncaught exception in thread [main] systemd-entrypoint: org.elasticsearch.ElasticsearchSecurityException: failed to load SSL configuration [xpack.security.http.ssl] - cannot load [PKCS12] keystore from [/etc/elasticsearch/certs/http.p12] due to UnrecoverableKeyException (Get Key failed: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.); this is usually caused by an incorrect key-password (we tried to access the key using the same password as the keystore) systemd-entrypoint: Likely root cause: javax.crypto.BadPaddingException: Given final block not properly padded. Such issues can arise if a bad key is used during decryption.
I'm using Elasticsearch 8.1.3 on AlmaLinux 8.5.
Any tips that can help me?