Problem adding nodes to an elasticsearch cluster using SSL, TLS and HTTPS

dferez · March 12, 2020, 7:31am

Hi.

I have a cluster under development for testing, and now I have implemented SSL, TLS and HTTPS following this link: "https://www.elastic.co/es/blog/configuring-ssl-tls-and-https-to -secure-elasticsearch-kibana-beats-and-logstash ". Everything works correctly, but when you want to add a new node, it doesn't work. I understand that for the new node I must create other file.crt and file.key using the same ca.crt that was generated at startup. To do this I use the following command ./bin/elasticsearch-certutil cert --ca /root/tmp/certs/certs/ca/ca.crt --dns node3.local --pem --out / root / tmp / certs /test.zip, I enter the password I set for the ca and it throws the following error:

    Enter password for CA (/root/tmp/certs/certs/ca/ca.crt) :
    Exception in thread "main" java.io.IOException: toDerInputStream rejects tag type 45
    at java.base/sun.security.util.DerValue.toDerInputStream(DerValue.java:858)
    at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1982)
    at java.base/sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:222)
    at java.base/java.security.KeyStore.load(KeyStore.java:1472)
    at org.elasticsearch.xpack.core.ssl.CertParsingUtils.readKeyStore(CertParsingUtils.java:75)
    at org.elasticsearch.xpack.core.ssl.CertParsingUtils.readKeyPairsFromKeystore(CertParsingUtils.java:141)
    at org.elasticsearch.xpack.core.ssl.CertParsingUtils.readPkcs12KeyPairs(CertParsingUtils.java:134)
    at org.elasticsearch.xpack.security.cli.CertificateTool$CertificateCommand.lambda$loadPkcs12CA$1(CertificateTool.java:342)
    at org.elasticsearch.xpack.security.cli.CertificateTool.withPassword(CertificateTool.java:933)
    at org.elasticsearch.xpack.security.cli.CertificateTool.access$100(CertificateTool.java:85)
    at org.elasticsearch.xpack.security.cli.CertificateTool$CertificateCommand.loadPkcs12CA(CertificateTool.java:341)
    at org.elasticsearch.xpack.security.cli.CertificateTool$CertificateCommand.getCAInfo(CertificateTool.java:329)
    at org.elasticsearch.xpack.security.cli.CertificateTool$GenerateCertificateCommand.execute(CertificateTool.java:685)
    at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86)
    at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:125)
    at org.elasticsearch.cli.MultiCommand.execute(MultiCommand.java:91)
    at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:125)
    at org.elasticsearch.cli.Command.main(Command.java:90)
    at org.elasticsearch.xpack.security.cli.CertificateTool.main(CertificateTool.java:137)

Can anyone wire me on how to fix this? Thank you.

system · April 9, 2020, 7:31am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.