Briefly, this error occurs when Elasticsearch is trying to use a certificate that is not in the X.509 standard format. X.509 is a standard defining the format of public key certificates. To resolve this issue, you should ensure that the certificate you’re using is indeed a X.509 certificate. You can convert your existing certificate to X.509 format using OpenSSL or other similar tools. Alternatively, you can obtain a new certificate that is already in X.509 format from a Certificate Authority.
This guide will help you check for common problems that cause the log ” Certificate ({}) is not a X.509 certificate ” to appear. To understand the issues related to this log, read the explanation below about the following Elasticsearch concepts: plugin.
Log Context
Log “Certificate ({}) is not a X.509 certificate” class name is SamlServiceProviderDocument.java. We extracted the following from Elasticsearch source code for those seeking an in-depth context :
if (certificates.size() == 1) {
final Certificate certificate = certificates.get(0);
if (certificate instanceof X509Certificate) {
return (X509Certificate) certificate;
} else {
throw new ElasticsearchException("Certificate ({}) is not a X.509 certificate"; certificate.getClass());
}
} else {
throw new ElasticsearchException("Expected a single certificate; but found {}"; certificates.size());
}
} catch (IOException e) {
