"Signed fields invalid" for configuring HTTPS transport layer

Hi all,
I know that these kind of questions have been asking a lot, but I'm really stuck and can't help it

I'm using Helm to deploy elasticsearch, I use letsencrypt to generate cert, so I have fullchain.pem which is for certificate and privkey.pem for private key.

I copied all of them into 1 file call all.pem and mounted it into a Pod. I can see it in Pod. This is the current config

secretMounts:
  - name: certall
    secretName: certall
    path: /usr/share/elasticsearch/config/certs

esConfig:                                                                                                                                                                        
    elasticsearch.yml: |                                                                                                                                                           
      xpack.security.enabled: true                                                                                                                                                 
      xpack.security.transport.ssl.enabled: true                                                                                                                                   
      xpack.security.transport.ssl.key: /usr/share/elasticsearch/config/certs/all.pem                                                                                                 
      xpack.security.transport.ssl.certificate: /usr/share/elasticsearch/config/certs/all.pem   

The exact error I got is the CertificateParsingException
I dont know what is wrong when it comes to certification exception, please help.
Thanks!

It looks like you have the same setting for both key and certificate.
That's not right - you need to have the key & cert in different files.

1 Like

yes, I have just separated them and it's fine now, but there's 1 more problem about file read exception. I'm following this https://discuss.elastic.co/t/trying-to-set-up-tls-on-elastic-cluster/143323/2 article, and I am trying to find the configuration path of es.path.conf in this helm chart. This path /usr/share/elasticsearch/config/ maybe not the right folder for the read permission although all files here have 777 permission. I've read the log but I haven't found the path. Do you have any idea ?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.