I'm storing my elasticsearch.yml config file and the PKCS#12 certificates in different paths.
ES_PATH_CONF=C:\Repos\DevOps\Elastic\config\elasticsearch\elasticsearch-config
elasticsearch.yml
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: '${ES_CERT_PATH}\${node.name}.p12'
xpack.security.transport.ssl.truststore.path: '${ES_CERT_PATH}\${node.name}.p12'
I get this exception when I start a node:
Caused by: org.elasticsearch.ElasticsearchException: failed to initialize SSL TrustManager - access to read truststore f
ile [C:\elasticstack\certs\node1.p12] is blocked; SSL resources should be placed in the [C:\Repos\DevOps\Elastic
\config\elasticsearch\elasticsearch-config] directory
Caused by: java.security.AccessControlException: access denied ("java.io.FilePermission" "C:\elasticstack\certs\node1.p1
2" "read")
Is it possible to store the PKCS#12 certificates in a different location than the config path? If so, what other configuration needs to be set to allow access? (If this can be solved by PEM files, that's an acceptable solution as well.)