[ERROR][c.a.o.s.s.DefaultOpenDistroSecurityKeyStore] [example.com] Your keystore or PEM does not contain a key. If you specified a key password, try removing it. If you did not specify a key password, perhaps you need to if the key is in fact password-protected. Maybe you just confused keys and certificates.
Given a machine certificate example.pfx, I can extract the key and certificate into two separate files, example-certificate.pem and example-certificate-key.pem, using the commands below from "Converting pfx to pem using openssl":
Extracts the private key from a PFX to a PEM file:
openssl pkcs12 -in example.pfx -nocerts -out key.pem
Exports the certificate (includes the public key only):
openssl pkcs12 -in example.pfx -clcerts -nokeys -out example-certificate.pem
Removes the password from the extracted private key, as Elasticsearch does not support passwords on the private key:
openssl rsa -in key.pem -out example-certificate-key.pem
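
A check related to the error message above, as an added example that is not part of the original post: it classifies a PEM file by its block headers, which shows whether a file holds a certificate only, an encrypted key, or an unencrypted key, and compares the public key in a certificate with the one in a key file. The function names `pem_kind` and `key_matches_cert` are hypothetical, and only RSA and PKCS#8 key headers are covered.

```shell
#!/bin/sh
# Added example: classify PEM files by their block headers.
# pem_kind and key_matches_cert are hypothetical helper names.

pem_kind() {
    f=$1
    # Encrypted keys: PKCS#8 "ENCRYPTED PRIVATE KEY", or a traditional
    # key whose block carries a "Proc-Type: 4,ENCRYPTED" header.
    if grep -q -e '-----BEGIN ENCRYPTED PRIVATE KEY-----' "$f" 2>/dev/null ||
       grep -q -e '^Proc-Type: 4,ENCRYPTED' "$f" 2>/dev/null; then
        echo encrypted-key
    elif grep -q -e '-----BEGIN PRIVATE KEY-----' "$f" 2>/dev/null; then
        echo pkcs8-key
    elif grep -q -e '-----BEGIN RSA PRIVATE KEY-----' "$f" 2>/dev/null; then
        echo pkcs1-key
    elif grep -q -e '-----BEGIN CERTIFICATE-----' "$f" 2>/dev/null; then
        # No key block was found, only a certificate.
        echo certificate-only
    else
        echo no-pem-block
    fi
}

# True when the certificate ($1) and an unencrypted key ($2) carry the
# same public key. An encrypted key fails here instead of prompting.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Report every file named on the command line.
for f in "$@"; do
    printf '%s: %s\n' "$f" "$(pem_kind "$f")"
done
```

Run it with the PEM files as arguments to see which of them actually contains a key block and whether that key is still password-protected.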