Hi.
I have a cluster under development for testing, and now I have implemented SSL, TLS and HTTPS following this link: "https://www.elastic.co/es/blog/configuring-ssl-tls-and-https-to -secure-elasticsearch-kibana-beats-and-logstash ". Everything works correctly, but when you want to add a new node, it doesn't work. I understand that for the new node I must create other file.crt and file.key using the same ca.crt that was generated at startup. To do this I use the following command ./bin/elasticsearch-certutil cert --ca /root/tmp/certs/certs/ca/ca.crt --dns node3.local --pem --out / root / tmp / certs /test.zip
, I enter the password I set for the ca and it throws the following error:
Enter password for CA (/root/tmp/certs/certs/ca/ca.crt) :
Exception in thread "main" java.io.IOException: toDerInputStream rejects tag type 45
at java.base/sun.security.util.DerValue.toDerInputStream(DerValue.java:858)
at java.base/sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1982)
at java.base/sun.security.util.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:222)
at java.base/java.security.KeyStore.load(KeyStore.java:1472)
at org.elasticsearch.xpack.core.ssl.CertParsingUtils.readKeyStore(CertParsingUtils.java:75)
at org.elasticsearch.xpack.core.ssl.CertParsingUtils.readKeyPairsFromKeystore(CertParsingUtils.java:141)
at org.elasticsearch.xpack.core.ssl.CertParsingUtils.readPkcs12KeyPairs(CertParsingUtils.java:134)
at org.elasticsearch.xpack.security.cli.CertificateTool$CertificateCommand.lambda$loadPkcs12CA$1(CertificateTool.java:342)
at org.elasticsearch.xpack.security.cli.CertificateTool.withPassword(CertificateTool.java:933)
at org.elasticsearch.xpack.security.cli.CertificateTool.access$100(CertificateTool.java:85)
at org.elasticsearch.xpack.security.cli.CertificateTool$CertificateCommand.loadPkcs12CA(CertificateTool.java:341)
at org.elasticsearch.xpack.security.cli.CertificateTool$CertificateCommand.getCAInfo(CertificateTool.java:329)
at org.elasticsearch.xpack.security.cli.CertificateTool$GenerateCertificateCommand.execute(CertificateTool.java:685)
at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86)
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:125)
at org.elasticsearch.cli.MultiCommand.execute(MultiCommand.java:91)
at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:125)
at org.elasticsearch.cli.Command.main(Command.java:90)
at org.elasticsearch.xpack.security.cli.CertificateTool.main(CertificateTool.java:137)
Can anyone wire me on how to fix this? Thank you.