How to import a self-signed CA for ES 8.4.2

We signed a cert from our internal CA, then configured xpack.security.transport.ssl to use this cert. I know I need to import the CA cert into ES to solve this problem, but how do I import it?
I tried the command below, but it failed:

keytool -importcert -trustcacerts -file ${SHARE_DIR}/ubuntu/cert/certs/xiamu.com.cert -alias xiamu.com -keystore "/usr/local/elasticsearch-8.4.2/jdk/lib/security/cacerts" -storepass changeit

Below is the error log:

e_cluster_client, data, data_cold, ingest, data_frozen]
[2024-04-08T23:27:21,955][ERROR][o.e.b.Elasticsearch      ] [es-node1] fatal exception while booting Elasticsearch
org.elasticsearch.ElasticsearchSecurityException: failed to load SSL configuration [xpack.security.transport.ssl] - the truststore [/usr/local/elasticsearch-8.4.2/config/certs/xiamu.com.p12] does not contain any trusted certificate entries
        at org.elasticsearch.xcore@8.4.2/org.elasticsearch.xpack.core.ssl.SSLService.lambda$loadSslConfigurations$11(SSLService.java:605)
        at java.base/java.util.HashMap.forEach(HashMap.java:1421)
        at java.base/java.util.Collections$UnmodifiableMap.forEach(Collections.java:1553)
        at org.elasticsearch.xcore@8.4.2/org.elasticsearch.xpack.core.ssl.SSLService.loadSslConfigurations(SSLService.java:601)
        at org.elasticsearch.xcore@8.4.2/org.elasticsearch.xpack.core.ssl.SSLService.<init>(SSLService.java:156)

See logs for more details.

I used the command below to convert the server cert to p12 format:

openssl pkcs12 -export -in ${SHARE_DIR}/ubuntu/cert/certs/xiamu.com.cert -inkey ${SHARE_DIR}/ubuntu/cert/xiamu.com/private/xiamu.com.key -out ${SHARE_DIR}/ubuntu/cert/certs/xiamu.com.p12

Fixed by blog.xiedeacc.com/archives/1712677655309
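One configuration that avoids the error in the log above, as an added example that is not part of the original thread and not taken from the linked blog post. The "before" settings are assumed (the poster's elasticsearch.yml is not shown), and `certs/internal-ca.pem` is a placeholder for the internal CA certificate in PEM format, copied under the Elasticsearch config directory.

```yaml
# elasticsearch.yml (added example; assumptions are marked)
#
# Before (assumed): the PKCS#12 file produced by
#   openssl pkcs12 -export -in <cert> -inkey <key> -out xiamu.com.p12
# holds one private key with its certificate. Java loads that as a key
# entry, not as a trusted certificate entry, so using the same file as
# the truststore fails with
#   "does not contain any trusted certificate entries".
# Importing the CA into the bundled JDK's cacerts does not change this,
# because the error names the p12 as the truststore actually in use.
#
# xpack.security.transport.ssl.enabled: true
# xpack.security.transport.ssl.keystore.path: certs/xiamu.com.p12
# xpack.security.transport.ssl.truststore.path: certs/xiamu.com.p12

# After: keep the p12 as the node's identity (key + certificate) and
# take trust from the internal CA's PEM file instead of a truststore.
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.keystore.path: certs/xiamu.com.p12
xpack.security.transport.ssl.certificate_authorities:
  - certs/internal-ca.pem   # placeholder name, not from the page

# certificate_authorities and truststore.path cannot be set together,
# so truststore.path is left out here.
#
# The p12 export password is stored in the Elasticsearch keystore, not in
# this file:
#   bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password
```

Relative paths are resolved against the Elasticsearch config directory, and every node in the cluster needs the same CA file so that each side can validate the other's transport certificate.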
