I have configured a cert that has both server and client enabled, but when using this for transport on 9300 I get:
exception caught on transport layer [Netty4TcpChannel{localAddress=/10.15.4.16:9300, remoteAddress=/10.15.4.18:37056, profile=default}], closing connection
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Empty client certificate chain
When I run this:
openssl s_client -connect 10.15.4.18:9300 </dev/null 2>/dev/null | openssl x509 -inform pem -text
I can see the following:
X509v3 extensions:
    1.3.6.1.4.1.311.21.7:
        0-.%+.....7.............*...x.......~......d...
    X509v3 Extended Key Usage:
        TLS Web Client Authentication, TLS Web Server Authentication
    X509v3 Key Usage:
        Digital Signature, Key Encipherment
    1.3.6.1.4.1.311.21.10:
        0.0
So it is set for client.
What else is missing?
Thanks