What am I doing wrong? missing some option, parameter?
I have my cluster setup with certificate and working fine with following config on all nodes.
it was created using
/usr/share/elasticsearch/bin/elasticsearch-certutil cert cert --ca elastic-certificates.p12
Same as describe in this link
https://www.elastic.co/guide/en/elasticsearch/reference/8.6/security-basic-setup.html
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/config/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/config/elastic-certificates.p12
and now when I try to generate certificate for node using ca that I have , it give me this error
following this - https://www.elastic.co/guide/en/elasticsearch/reference/8.6/security-basic-setup-https.html
Exception in thread "main" java.lang.IllegalArgumentException: ca certificate is not a CA!
at org.elasticsearch.xpack.security.cli.CertGenUtils.generateSignedCertificate(CertGenUtils.java:250)
at org.elasticsearch.xpack.security.cli.HttpCertificateCommand.writeCertificateAndKeyDetails(HttpCertificateCommand.java:365)
at org.elasticsearch.xpack.security.cli.HttpCertificateCommand.writeZip(HttpCertificateCommand.java:267)
at org.elasticsearch.xpack.security.cli.HttpCertificateCommand.execute(HttpCertificateCommand.java:238)
at org.elasticsearch.common.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:54)
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:85)
at org.elasticsearch.cli.MultiCommand.execute(MultiCommand.java:94)
at org.elasticsearch.xpack.security.cli.CertificateTool.execute(CertificateTool.java:160)
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:85)
at org.elasticsearch.cli.Command.main(Command.java:50)
at org.elasticsearch.launcher.CliToolLauncher.main(CliToolLauncher.java:64)