SSLHandshakeException certificate_unknown

Hi,

When I try to integrate Search Guard with Elasticsearch I keep getting the following error

javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown

I use elasticsearch-7.6.1 and search-guard-7-7.6.1-40.0.0

Certificates are generated by download the certificates zip file (https://downloads.search-guard.com/resources/certificates/certificates.zip), unpacking it and placing all files in the \elasticsearch-7.6.1-windows-x86_64\elasticsearch-7.6.1\config directory

My elasticsearch.yml:

searchguard.ssl.transport.pemcert_filepath: esnode.pem
searchguard.ssl.transport.pemkey_filepath: esnode-key.pem
searchguard.ssl.transport.pemtrustedcas_filepath: root-ca.pem
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.http.enabled: true
searchguard.ssl.http.pemcert_filepath: esnode.pem
searchguard.ssl.http.pemkey_filepath: esnode-key.pem
searchguard.ssl.http.pemtrustedcas_filepath: root-ca.pem
searchguard.allow_unsafe_democertificates: true
searchguard.allow_default_init_sgindex: true
searchguard.authcz.admin_dn:
  - CN=kirk,OU=client,O=client,L=test, C=de
searchguard.audit.type: internal_elasticsearch
searchguard.enable_snapshot_restore_privilege: true
searchguard.check_snapshot_restore_write_privileges: true
searchguard.restapi.roles_enabled: ["SGS_ALL_ACCESS"]
cluster.routing.allocation.disk.threshold_enabled: false
cluster.name: searchguard_demo
node.max_local_storage_nodes: 3
xpack.security.enabled: false

Am I not generating the certificate correctly? what am I doing wrong? Can anyone help me fix this problem.

Thanks in advance,

When did you get the error, after you started Kibana? If yes, did you setup SSL/TLS in kibana.yml? Here is the guide https://docs.search-guard.com/latest/kibana-plugin-installation#configuring-the-root-ca

At first glance the config looks fine to me. Can you please post the complete stack trace of the SSL exception from the ES logs? Thx!