Mutual TLS/SSL on Elasticsearch

Hi @ikakavas,

Firstly, thanks for helping me.

I tried the above things but it was not working. So I generated new .p12 certs for both client and server and it's working fine with client authentication. So I have formed a 3-node elastic cluster by using the same certs for all 3 nodes. Node-1 and node-2 are working fine. Node-3 is also up and running fine, but in the console it keeps throwing the error below:

Caused by: javax.net.ssl.SSLHandshakeException: Empty server certificate chain
        at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?]
        at sun.security.ssl.Alert.createSSLException(Alert.java:117) ~[?:?]
        at sun.security.ssl.TransportContext.fatal(TransportContext.java:307) ~[?:?]
        at sun.security.ssl.TransportContext.fatal(TransportContext.java:263) ~[?:?]
        at sun.security.ssl.TransportContext.fatal(TransportContext.java:254) ~[?:?]
        at sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:377) ~[?:?]
        at sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:366) ~[?:?]
        at sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392) ~[?:?]
        at sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:441) ~[?:?]
        at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1074) ~[?:?]
        at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1061) ~[?:?]
        at java.security.AccessController.doPrivileged(AccessController.java:688) ~[?:?]
        at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1008) ~[?:?]
        at io.netty.handler.ssl.SslHandler.runAllDelegatedTasks(SslHandler.java:1502) ~[netty-handler-4.1.35.Final.jar:4.1.35.Final]
        at io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1516) ~[netty-handler-4.1.35.Final.jar:4.1.35.Final]
        at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1400) ~[netty-handler-4.1.35.Final.jar:4.1.35.Final]
        at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1227) ~[netty-handler-4.1.35.Final.jar:4.1.35.Final]
        at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1274) ~[netty-handler-4.1.35.Final.jar:4.1.35.Final]
        at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:502) ~[netty-codec-4.1.35.Final.jar:4.1.35.Final]
        at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:441) ~[netty-codec-4.1.35.Final.jar:4.1.35.Final]

Below is my yml for node-3:

node.name: node-3
cluster.name: dev_env
node.data: true
node.master: true
network.host: elastic.23.dev
network.publish_host: elastic.23.dev
transport.tcp.port: 9300
transport.publish_port: 9300
discovery.seed_hosts: ["node-1:9300","node-2:9301","node-3:9302"]
discovery.zen.minimum_master_nodes: 1
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate

### p12 Certs ###
xpack.security.transport.ssl.keystore.path: certs/server.p12
xpack.security.transport.ssl.truststore.path: certs/server.p12
xpack.security.http.ssl.keystore.path: certs/server.p12
xpack.security.http.ssl.truststore.path: certs/server.p12
xpack.security.http.ssl.client_authentication: required

Note: All the nodes have the same certs and the same config. Node-1 and node-2 are running fine without any errors in the console. Node-3 is running fine but keeps throwing the above error in the console. Please help me with this. Thanks!