SSL/TLS failed to load, java.io.IOException: extra data given to DerValue constructor

Hello! We are setting up our first Elasticsearch cluster and hit a problem with using our private CAs. I am able to get a cert and upload it, but every time I start elasticsearch I get errs around this:

java.io.IOException: extra data given to DerValue constructor

The certs all look good, but am wondering if there is a conversion or process I can do to verify their compatibility.

Thank you.

(I moved this from the Kibana forum to Elasticsearch)

Can you provide more details from the logs (for example, the full stack trace)?
And also a copy of the certificate - you can DM it to me if you prefer.

That exception is triggered deep in the JDK's security parsing code, there's no way to guess what the possible cause might be without a reproduction case.

Thank you! Turns out there was as second certificate in the PEM. And java is looking for a specific value, if that value differs it gets the DerValue error.

I resolved this by removing the extra certificate from the text PEM and re-encoding it to DER for use in ELK.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.