If you used elasticsearch-certutil to generate a PKCS#12 file and you did not specify a password, the file is encrypted, and you need to set server.ssl.truststore.password to an empty string.
This change enables me to use Puppet to set server.ssl.truststore.password to an empty string.
https://www.elastic.co/guide/en/kibana/current/configuring-tls.html#configuring-tls-kib-es says:
This change enables me to use Puppet to set
server.ssl.truststore.passwordto an empty string.Pull request acceptance prerequisites:
[ ] Updated CHANGELOG.md with patch notes (if necessary)— not a significant change[ ] Any relevant docs (README.markdown or inline documentation) updated— not a significant change[ ] Updated CONTRIBUTORS