TLS configuration with organizational certs

Is there a complete step-by-step guide to configure OpenSearch to use organization generated certs rather the demo certs. I am trying to use the exact same certs that work fine with Elasticsearch… 'true' 'certificates/host/key.pem' 'certificates/host/cert.pem' 'certificates/ca/cert.pem' 'true' 'certificates/host/key.pem' 'certificates/host/cert.pem' 'certificates/ca/cert.pem'

but all I get is…

[2022-01-14T21:17:13,851][ERROR][o.o.s.s.DefaultSecurityKeyStore] [opensearch] Your keystore or PEM does not contain a key. ...

I would happily just disable security for now. But it is no longer possible to start OpenSearch without transport TLS configured.

@robcowart - no, there isn’t a complete guide … I’ve worked my way through it a couple times now, though.

The message you get might indicate that you don’t have PKCS8 format keys … if your key file starts with “BEGIN PRIVATE KEY”, it’s PKCS8, but if it starts with “BEGIN RSA PRIVATE KEY” it’s the wrong format.