SSLHandshakeException: Empty server certificate chain

ES version: 7.12
I'm getting this error...any help is really appreciated.

"Caused by: javax.net.ssl.SSLHandshakeException: Empty server certificate chain",
"at sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[?:?]",
"at sun.security.ssl.Alert.createSSLException(Alert.java:117) ~[?:?]",

Below are my setting

xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.supported_protocols: TLSv1.2    
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/certs/chain-test-rp-search.pfx
xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/certs/chain-test-rp-search.pfx
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.client_authentication: optional
xpack.security.http.ssl.verification_mode: certificate    
xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/config/certs/chain-test-rp-search-data.pfx
xpack.security.http.ssl.truststore.path: /usr/share/elasticsearch/config/certs/chain-test-rp-search-data.pfx

Below is how I make pfx

openssl pkcs12 -export -out chain-test-rp-search.pfx      -inkey test-rp-search.key.pem      -in test-rp-search.cert.pem      -chain -CAfile chain-test-rp-search.cert.pem -name chain-test-rp-search -passout pass:

openssl pkcs12 -export -out chain-test-rp-search-data.pfx -inkey test-rp-search-data.key.pem -in test-rp-search-data.cert.pem -chain -CAfile chain-test-rp-search.cert.pem -name chain-test-rp-search-data -passout pass:

I wonder how this is working for others?

I figured it out...the issue was

  • PFX file must have a password to have full chain

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.