/usr/share/elasticsearch/plugins/search-guard-2/tools/sgadmin.sh -cd /usr/share/elasticsearch/plugins/search-guard-2/sgconfig/ -ks elasticsearch-client-keystore.jks -ts staging-elasticsearch-client-truststore.jks -nhnv
Connect to localhost:9300
Exception in thread "main" ElasticsearchSecurityException[java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.]; nested: IOException[DerInputStream.getLength(): lengthTag=109, too big.];
at com.floragunn.searchguard.ssl.SearchGuardKeyStore.initSSLConfig(SearchGuardKeyStore.java:261)
at com.floragunn.searchguard.ssl.SearchGuardKeyStore.<init>(SearchGuardKeyStore.java:139)
at com.floragunn.searchguard.ssl.SearchGuardSSLModule.<init>(SearchGuardSSLModule.java:29)
at com.floragunn.searchguard.ssl.SearchGuardSSLPlugin.nodeModules(SearchGuardSSLPlugin.java:129)
at org.elasticsearch.plugins.PluginsService.nodeModules(PluginsService.java:263)
at org.elasticsearch.client.transport.TransportClient$Builder.build(TransportClient.java:139)
at com.floragunn.searchguard.tools.SearchGuardAdmin.main(SearchGuardAdmin.java:198)
Caused by: java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
at sun.security.util.DerInputStream.getLength(DerInputStream.java:561)
at sun.security.util.DerValue.init(DerValue.java:365)
at sun.security.util.DerValue.<init>(DerValue.java:320)
at sun.security.pkcs12.PKCS12KeyStore.engineLoad(PKCS12KeyStore.java:1914)
at java.security.KeyStore.load(KeyStore.java:1445)
at com.floragunn.searchguard.ssl.SearchGuardKeyStore.initSSLConfig(SearchGuardKeyStore.java:208)
... 6 more
The keystore and truststore are of type JKS, but it seems that they are possibly being treated as PKCS12 by Elasticsearch. Is there a way to set the storetype in the sgadmin.sh command?