"Signed fields invalid" for configuring HTTPS transport layer

gvx3 · January 28, 2021, 11:43am

Hi all,
I know that these kind of questions have been asking a lot, but I'm really stuck and can't help it

I'm using Helm to deploy elasticsearch, I use letsencrypt to generate cert, so I have fullchain.pem which is for certificate and privkey.pem for private key.

I copied all of them into 1 file call all.pem and mounted it into a Pod. I can see it in Pod. This is the current config

secretMounts:
  - name: certall
    secretName: certall
    path: /usr/share/elasticsearch/config/certs

esConfig:                                                                                                                                                                        
    elasticsearch.yml: |                                                                                                                                                           
      xpack.security.enabled: true                                                                                                                                                 
      xpack.security.transport.ssl.enabled: true                                                                                                                                   
      xpack.security.transport.ssl.key: /usr/share/elasticsearch/config/certs/all.pem                                                                                                 
      xpack.security.transport.ssl.certificate: /usr/share/elasticsearch/config/certs/all.pem

The exact error I got is the CertificateParsingException
I dont know what is wrong when it comes to certification exception, please help.
Thanks!

TimV · January 29, 2021, 5:38am

gvx3:

      xpack.security.transport.ssl.key: /usr/share/elasticsearch/config/certs/all.pem                                                                                                 
      xpack.security.transport.ssl.certificate: /usr/share/elasticsearch/config/certs/all.pem

It looks like you have the same setting for both key and certificate.
That's not right - you need to have the key & cert in different files.

gvx3 · January 29, 2021, 6:53am

yes, I have just separated them and it's fine now, but there's 1 more problem about file read exception. I'm following this https://discuss.elastic.co/t/trying-to-set-up-tls-on-elastic-cluster/143323/2 article, and I am trying to find the configuration path of es.path.conf in this helm chart. This path /usr/share/elasticsearch/config/ maybe not the right folder for the read permission although all files here have 777 permission. I've read the log but I haven't found the path. Do you have any idea ?

system · February 26, 2021, 6:53am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Configure TLS/SSL for elasticsearch using Letsencrypt issue Elasticsearch elastic-stack-security	2	738	February 25, 2021
Getting "signed fields invalid" when configure HTTPS to Elastic HTTP layer with X-Pack Elasticsearch elastic-stack-security	8	12553	August 6, 2019
Elasticsearch crashes with "Certificate chain is not valid" exception Elasticsearch elastic-stack-security	2	2887	January 17, 2020
Elastic Search SSL installation issue Elasticsearch elastic-stack-security	17	2760	September 11, 2019
Transport ssl cannot read configured Elasticsearch elastic-stack-security	1	98	June 19, 2024

"Signed fields invalid" for configuring HTTPS transport layer

Related Topics