Hello,
I am trying to add some users to .searchguard index with sgadmin.sh
I have changed the demo certificates to domain wildcard certificate.
Https works correctly, but I am not able to generate valid client certificates.
openssl genrsa -out admin-es.key 2048
openssl req -new -key admin-es.key -out admin-es.csr
openssl pkcs8 -topk8 -inform pem -in admin-es.key -outform pem -out admin-es.pkcs
openssl x509 -req -in admin-es.csr -CA domain.pem -CAkey domain.key -CAcreateserial -out admin-es.pem -days 1024 -sha256
openssl x509 -noout -subject -in admin-es.full.pem
subject= /C=CZ/ST=Some-State/L=Prague/O=domain/CN=admin
elasticsearch.yml
searchguard.authcz.admin_dn:
- C=CZ,ST=Some-State,L=Prague,O=domain,CN=admin
/usr/share/elasticsearch/plugins/search-guard-5/tools/sgadmin.sh -nhnv -key admin-es.pkcs -icl -cert admin-es.pem -cacert domain.pem -keypass pass
which results in:
SSL Problem Received fatal alert: bad_certificate
I have also tried to concatenate certs to bundle
cat admin-es.pem domain.pem > admin-es.full.pem
/usr/share/elasticsearch/plugins/search-guard-5/tools/sgadmin.sh -nhnv -key admin-es.pkcs -icl -cert admin-es.full.pem -cacert domain.pem -keypass pass
which results in
Can you please suggest what am I doing wrong?