I'm using ElasticSearch 5.5.2 within Docker (from the official images) and trying to setup the SSL configuration. I've set:
xpack.ssl.key=/usr/share/elasticsearch/config/tls/private/server.key xpack.ssl.certificate=/usr/share/elasticsearch/config/tls/certs/server.crt xpack.ssl.certificate_authorities=/usr/share/elasticsearch/config/tls/certs/trusted_certs.crt
And then volume mounts my host /etc/pki/tls in Docker with:
So far so good. But when I start up the node I get errors from SSLConfigurationReloader.java:76 because it's trying to access /usr/share/elasticsearch/config/tls/ca-bundle.crt. This is an error because on my system /etc/pki/tls/certs/ca-bundle.crt is a symlink to another folder (the same with ca-bundle.trust.crt). If I change the symlinks to be a regular file then everything boots correctly.
I'm surprised by this because my configuration does not reference that file anywhere and the documentation that I could find doesn't indicate that this is a default setting. I'd prefer to not have to change configuration of my host system, is there a way to prevent X-Pack from trying to access these two files? If not, for my education, is there a configuration setting that can alter these paths or is X-Pack hardcoded to look for these paths?