Setting up TLS/SSL with PEM format CA

I am trying to set up SSL between the nodes on my cluster. I have ran through the docs at:

[](http://Encrypting communications in Elasticsearch)

I got things to work with P12 certificates. Our policies require us to store all certificates in Azure Key Vault. KV only supports PFX or PEM. I created my CA with the -pem option, it does not ask for a password, and it exports a zip file containing a folder with the ca.crt and ca.key. When I try to create a cert using this as the ca (pointing to the zip, the extracted folder from the zip, or the files within the extracted folder), I get prompted for the password for the CA, though there is none. No matter what I enter I get:

Exception in thread "main" toDerInputStream rejects tag type 45

How can I get this to work using the -pem option for both the CA and the cert?


Looks like I found the answer:

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.