I am trying to set up SSL between the nodes on my cluster. I have ran through the docs at:
[Encrypting communications in Elasticsearch | Elasticsearch Guide [6.3] | Elastic](http://Encrypting communications in Elasticsearch)
I got things to work with P12 certificates. Our policies require us to store all certificates in Azure Key Vault. KV only supports PFX or PEM. I created my CA with the -pem option, it does not ask for a password, and it exports a zip file containing a folder with the ca.crt and ca.key. When I try to create a cert using this as the ca (pointing to the zip, the extracted folder from the zip, or the files within the extracted folder), I get prompted for the password for the CA, though there is none. No matter what I enter I get:
Exception in thread "main" java.io.IOException: toDerInputStream rejects tag type 45
How can I get this to work using the -pem option for both the CA and the cert?
Thanks,
~john