Setting up TLS/SSL with PEM format CA

I am trying to set up SSL between the nodes on my cluster. I have ran through the docs at:

[https://www.elastic.co/guide/en/elasticsearch/reference/6.3/configuring-tls.html](http://Encrypting communications in Elasticsearch)

I got things to work with P12 certificates. Our policies require us to store all certificates in Azure Key Vault. KV only supports PFX or PEM. I created my CA with the -pem option, it does not ask for a password, and it exports a zip file containing a folder with the ca.crt and ca.key. When I try to create a cert using this as the ca (pointing to the zip, the extracted folder from the zip, or the files within the extracted folder), I get prompted for the password for the CA, though there is none. No matter what I enter I get:

Exception in thread "main" java.io.IOException: toDerInputStream rejects tag type 45

How can I get this to work using the -pem option for both the CA and the cert?

Thanks,
~john

Looks like I found the answer:

https://medium.com/@shubhmeetkaur6/elastic-search-security-a81fc15ce948

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.