I have been experimenting and testing Elasticsearch 8 to assess migration and I am stuck at adding a new certificate authority CA to a newly setup cluster.
I have setup a single node and a multi-node clusters for testing, security is enabled by default and certificates are generated at install time. Everything works fine and I have been testing our code.
When I came to using our existing certificate authority for the cluster so I can replace the default certificates, I hit a glitch.
I tried first to add our CA to the truststore created at install time "transport.p12" using:
"keytool -importcert -trustcacerts -noprompt -keystore /etc/Elasticsearch/certs/transport.p12 -alias new-ca -file org.crt"
I am being asked for password for the keystore which I do not have, I tried leaving password empty but I get wrong password. The only password that Elasticsearch 8 gives at install is that for the account elastic, I tried that too and it did not work either.
Any idea what are the settings for the for the default certificates created at install time for Elasticsearch 8, can they be overridden, or replaced with our own CA. I must be missing something.