Elasticsearch TLS setup – Generating certificates using generate-tls-certificates.sh

139 viewsElasticsearch TLS
0
0 Comments

Hi,

I was attempting the enable TLS for my Elasticsearch setup. I am following the guide found here: Securing the Elasticsearch database | DataMiner Docs

When I was attempting to generate the TLS certificates using the "generate-tls-certifcates.sh" script, I encountered the following errors. The p12 files were still generated but when configured in the Elasticsearch instance, the service would not start.

I was hoping to get some guidance on this issue. I used the OpenSSL (v3.2.3) executable from the Git install (as recommended by the script's Git page) and the "keytool.exe" from OpenJDK 23 (again, as recommended by the script's Git page).

Or, would it be able to generate the PKCS12 file using a CSR?

Any help would be appreciated. If further info is needed, please let me know.

Thanks!

Seppe Dejonckheere [SLC] [DevOps Enabler] Answered question 3rd October 2024

1 Answer

0
1.89K 1 Comment

Hi,

I'm assuming you are using the powershell version of the script because you have to provide the paths to the keytool and openssl.

I had a look at the script and noticed it was not properly formatting the Subject Alternative Names configuration, causing a parsing error in openssl when generating the certificates, which led to incomplete p12 files in the end.

I fixed the issue and merged it into the Github repository, so downloading the script again should solve your problem.

If you would encounter any other issues, don't hesitate to reach out.

Kind regards,

Andrew Teoh [DevOps Advocate] Posted new comment 3rd October 2024
Andrew Teoh [DevOps Advocate] commented

Hi Seppe,

Yes, I’m using the powershell version. Thanks for the quick fix. Let me try it again.
You are viewing 1 out of 1 answers, click here to view all answers.