SSLHandshakeException: Empty server certificate chain

ES version: 7.12
I'm getting this error...any help is really appreciated.

"Caused by: Empty server certificate chain",
"at ~[?:?]",
"at ~[?:?]",

Below are my setting true true TLSv1.2 certificate /usr/share/elasticsearch/config/certs/chain-test-rp-search.pfx /usr/share/elasticsearch/config/certs/chain-test-rp-search.pfx true optional certificate /usr/share/elasticsearch/config/certs/chain-test-rp-search-data.pfx /usr/share/elasticsearch/config/certs/chain-test-rp-search-data.pfx

Below is how I make pfx

openssl pkcs12 -export -out chain-test-rp-search.pfx      -inkey test-rp-search.key.pem      -in test-rp-search.cert.pem      -chain -CAfile chain-test-rp-search.cert.pem -name chain-test-rp-search -passout pass:

openssl pkcs12 -export -out chain-test-rp-search-data.pfx -inkey test-rp-search-data.key.pem -in test-rp-search-data.cert.pem -chain -CAfile chain-test-rp-search.cert.pem -name chain-test-rp-search-data -passout pass:

I wonder how this is working for others?

I figured it out...the issue was

  • PFX file must have a password to have full chain

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.