Hello,
I’m currently working on a task to test a secure connection between Archiving and Elasticsearch.
I'm using the following command:
curl -k https://<ip>:<port>/_security/_authenticate
However, I’m encountering an issue with the SSL/TLS handshake. The error message I’m getting is javax.net.ssl.SSLHandshakeException: Empty client certificate chain.
Here’s my Elasticsearch configuration related to SSL:
# Transport layer SSL configuration
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.http.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/node1.p12
xpack.security.transport.ssl.certificate_authorities: certs/ca.pem
# HTTP layer SSL configuration
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.client_authentication: required
xpack.security.http.ssl.keystore.path: certs/node1.p12
xpack.security.http.ssl.truststore.path: certs/client.p12
I’ve checked the contents of my keystore (certs/node1.p12) and truststore (certs/client.p12) using the keytool -list command, and they seem to be correctly configured. The keystore contains the client certificate along with its private key, and all intermediate certificates (if any) are included. The truststore contains the root certificate. The certificates are in X.509 format.
Despite this, I’m still encountering the Empty client certificate chain error. I would appreciate any guidance on how to resolve this issue. Could there be some other configuration problem that I’m overlooking? Or could there be a problem with the certificates themselves (e.g., they might not be trusted by the other party, they might be expired, etc.)?
Thank you in advance for your help!
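
The check below is an added example, not part of the original post: it reads the HTTP-layer settings quoted above and flags a curl command that presents no client certificate while client_authentication is required, which is the condition under which the server sees an empty client certificate chain. The file names client.pem and client.key are hypothetical.

```python
import shlex

# HTTP-layer settings copied from the post's configuration.
ES_YML = """\
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.client_authentication: required
xpack.security.http.ssl.keystore.path: certs/node1.p12
xpack.security.http.ssl.truststore.path: certs/client.p12
"""
POST_CMD = "curl -k https://<ip>:<port>/_security/_authenticate"
# client.pem / client.key are hypothetical file names for this example.
MTLS_CMD = ("curl -k --cert client.pem --key client.key "
            "https://<ip>:<port>/_security/_authenticate")


def parse_flat_yaml(text):
    """Parse flat 'key: value' lines, skipping comments and blanks."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" in line:
            key, value = line.split(":", 1)
            settings[key.strip()] = value.strip()
    return settings


def presents_client_cert(command):
    """True if curl is given -E/--cert (also the attached form -Efile)."""
    args = shlex.split(command)[1:]
    return any(a == "--cert" or a.startswith("-E") for a in args)


def check(settings, command):
    """Return findings for one curl call against the HTTP TLS settings."""
    p = "xpack.security.http.ssl."
    findings = []
    # client_authentication defaults to "none" on the HTTP layer.
    required = (settings.get(p + "enabled") == "true" and
                settings.get(p + "client_authentication", "none") == "required")
    if required and not presents_client_cert(command):
        findings.append("no-client-cert: server requires a client certificate "
                        "but curl presents none, so the chain arrives empty")
    if {"-k", "--insecure"} & set(shlex.split(command)):
        findings.append("insecure: -k only skips server certificate "
                        "verification; it does not supply a client certificate")
    return findings


if __name__ == "__main__":
    for cmd in (POST_CMD, MTLS_CMD):
        print(cmd, check(parse_flat_yaml(ES_YML), cmd), sep="\n  ")
```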