Hello.
I tried and search a lot of stuff but I can't find any working solution...
Here is the facts:
We have an elk stack (elk1.domain .com,elk2.domain .com, elk3.domain .com + logstah elk04 and kibana elk05), working with a wildcard certificat star_domain.crt (from Digicert). I have to update with the new certificat star_domain.crt. I have a private key file star_domain.key, p7b version, cer version, etc...
Whatever I tried, with a chained cert or not, I always end up with :
-ca certificate is not a CA!
when using
sudo openssl pkcs7 -print_certs -in star_domain.p7b -out Cert2.cer
sudo openssl pkcs12 -export -in Cert2.cer -inkey star_domain.key -out cert2.pfx -certfile Cert2.cer
sudo /usr/share/elasticsearch/bin/elasticsearch-certutil cert --ca cert2.pfx
or
- toDerInputStream rejects tag type 45 when using
sudo /usr/share/elasticsearch/bin/elasticsearch-certutil cert --ca star_domain.crt
Is someone can help me with a precise solution? Is was working with the old certificat but the guy who installed it is no more working here and there is no doc. Also note the star cert works great on our apache servers or on kibana for accessing via https...