Hi,
I’m using TLS offline tool to generate certificates. After I generated it, I found this error when I validated it.
tools/sgtlsdiag.sh -ca …/files/searchguard/tls/root-ca.pem -crt …/files/searchguard/tls/10.49.116.129.pem
WARNING: JAVA_HOME not set, will use /usr/bin/java
···
========================================================================
…/files/searchguard/tls/10.49.116.129.pem
Certificate 1
SHA1 FPR: e2dcccb4117928ce56f6af6614f194d7e36ba09b
MD5 FPR: 13f77accfbfcd7f66d0a82bb56ea3560
Subject DN [RFC2253]: CN=10.49.116.129,OU=Technology Development,O=Refinitiv Company, Inc.,DC=Service Excellence,DC=Service Tools,C=US
Serial Number: 1552408688812
Issuer DN [RFC2253]: CN=Signing Compass Monitoring Events,OU=Technology Development,O=Refinitiv Company, Inc.,DC=Service Excellence,DC=Service Tools,C=US
Not Before: Tue Mar 12 23:38:10 ICT 2019
Not After: Thu Mar 11 23:38:10 ICT 2021
Key Usage: digitalSignature nonRepudiation keyEncipherment
Signature Algorithm: SHA256WITHRSA
Version: 3
Extended Key Usage: id_kp_serverAuth id_kp_clientAuth
Basic Constraints: -1
SAN:
iPAddress: 10.49.116.129
Certificate 2
SHA1 FPR: c861bdd81d59e02751f77bf1edfe0bbf72d226f7
MD5 FPR: 86ea5be9723c8ffe00d560eac7d66bcb
Subject DN [RFC2253]: CN=Signing Compass Monitoring Events,OU=Technology Development,O=Refinitiv Company, Inc.,DC=Service Excellence,DC=Service Tools,C=US
Serial Number: 2
Issuer DN [RFC2253]: CN=Compass Monitoring Events,OU=Technology Development,O=Refinitiv Company, Inc.,DC=Service Excellence,DC=Service Tools,C=US
Not Before: Tue Mar 12 23:38:10 ICT 2019
Not After: Thu Mar 11 23:38:10 ICT 2021
Key Usage: digitalSignature keyCertSign cRLSign
Signature Algorithm: SHA256WITHRSA
Version: 3
Extended Key Usage: null
Basic Constraints: 0
SAN: (none)
No certificate path could be found: No issuer certificate for certificate in certification path found.
``
What is the error message about? Can I still use the certificate?
When asking questions, please provide the following information:
- Search Guard and Elasticsearch version
24.1 and 6.6.0
- Installed and used enterprise modules, if any
No
- JVM version and operating system version
1.8
-
Search Guard configuration files
-
Elasticsearch log messages on debug level
-
Other installed Elasticsearch or Kibana plugins, if any