Dears,
I would like to generate the certs for filebeats service and when I try to do this:
/usr/share/elasticsearch/bin/elasticsearch-certutil cert --ca /etc/elasticsearch/certs/ca.crt
I've got error message:
Enter password for CA (/etc/elasticsearch/certs/ca.crt) :
Exception in thread "main" java.io.IOException: toDerInputStream rejects tag type 45
at java.base/sun.security.util.DerValue.toDerInputStream(DerValue.java:858)
at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1982)
at java.base/sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:222)
at java.base/java.security.KeyStore.load(KeyStore.java:1472)
at org.elasticsearch.xpack.core.ssl.CertParsingUtils.readKeyStore(CertParsingUtils.java:75)
at org.elasticsearch.xpack.core.ssl.CertParsingUtils.readKeyPairsFromKeystore(CertParsingUtils.java:141)
at org.elasticsearch.xpack.core.ssl.CertParsingUtils.readPkcs12KeyPairs(CertParsingUtils.java:134)
at org.elasticsearch.xpack.security.cli.CertificateTool$CertificateCommand.lambda$loadPkcs12CA$1(CertificateTool.java:342)
at org.elasticsearch.xpack.security.cli.CertificateTool.withPassword(CertificateTool.java:933)
at org.elasticsearch.xpack.security.cli.CertificateTool.access$100(CertificateTool.java:85)
at org.elasticsearch.xpack.security.cli.CertificateTool$CertificateCommand.loadPkcs12CA(CertificateTool.java:341)
at org.elasticsearch.xpack.security.cli.CertificateTool$CertificateCommand.getCAInfo(CertificateTool.java:329)
at org.elasticsearch.xpack.security.cli.CertificateTool$GenerateCertificateCommand.execute(CertificateTool.java:685)
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86)
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:125)
at org.elasticsearch.cli.MultiCommand.execute(MultiCommand.java:91)
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:125)
at org.elasticsearch.cli.Command.main(Command.java:90)
at org.elasticsearch.xpack.security.cli.CertificateTool.main(CertificateTool.java:137)
There no password for ca.crt. Do you have any idea what is wrong?
The ca was generated with --keep-ca-key option.
Best Regards,
Dan