i have an ELK stack version 8 environment and i use the default security configuration for Elasticsearch, with the default certificates (http_ca.crt, http.p12, transport.p12), at the moment the environment works fine with these certificates, but as How do i renew they when necessary?
Hi there, have you looked at our documentation : Updating node security certificates | Elasticsearch Guide [8.1] | Elastic ?
my doubt is, i have one file that are called transport.p12, how i generate this file? this is the CA file and i just need to rename that?
in my Elasticsearch.yml i have this certs
xpack.security.enabled: true
xpack.security.enrollment.enabled: true
# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
enabled: true
keystore.path: certs/http.p12
# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
enabled: true
verification_mode: certificate
keystore.path: certs/transport.p12
truststore.path: certs/transport.p12
@ikakavas i saw in the documentation that you mentioned, this
Regardless of the scenario, Elasticsearch monitors the SSL resources for updates by default, on a five-second interval. You can just copy the new certificate and key files (or keystore) into the Elasticsearch configuration directory and your nodes will detect the changes and reload the keys and certificates.
when the certs expires, they will renew automaticaly?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.