As I said above, you need a different pair for the server and a different for the client. You can't use one key/certificate for both sides.
xpack.security.http.ssl.key
xpack.security.http.ssl.certificate
is one thing.
The ones you will use with --key and --certificate is another thing.