We signed a cert from our internal ca, then xpack.security.transport.ssl configured use this cert, I know need import ca cert to es to solve this problem, but how to import it?
I tried below command, but failed
keytool -importcert -trustcacerts -file ${SHARE_DIR}/ubuntu/cert/certs/xiamu.com.cert -alias xiamu.com -keystore "/usr/local/elasticsearch-8.4.2/jdk/lib/security/cacerts" -storepass changeit
below is error log
e_cluster_client, data, data_cold, ingest, data_frozen]
[2024-04-08T23:27:21,955][ERROR][o.e.b.Elasticsearch ] [es-node1] fatal exception while booting Elasticsearchorg.elasticsearch.ElasticsearchSecurityException: failed to load SSL configuration [xpack.security.transport.ssl] - the truststore [/usr/local/elasticsearch-8.4.2/config/certs/xiamu.com.p12] does not contain any trusted certificate entries
at org.elasticsearch.xcore@8.4.2/org.elasticsearch.xpack.core.ssl.SSLService.lambda$loadSslConfigurations$11(SSLService.java:605)
at java.base/java.util.HashMap.forEach(HashMap.java:1421)
at java.base/java.util.Collections$UnmodifiableMap.forEach(Collections.java:1553)
at org.elasticsearch.xcore@8.4.2/org.elasticsearch.xpack.core.ssl.SSLService.loadSslConfigurations(SSLService.java:601)
at org.elasticsearch.xcore@8.4.2/org.elasticsearch.xpack.core.ssl.SSLService.<init>(SSLService.java:156)
See logs for more details.