Doubts for SSL certs renew on ELK stack v8

i have an ELK stack version 8 environment and i use the default security configuration for Elasticsearch, with the default certificates (http_ca.crt, http.p12, transport.p12), at the moment the environment works fine with these certificates, but as How do i renew they when necessary?

Hi there, have you looked at our documentation : Updating node security certificates | Elasticsearch Guide [8.1] | Elastic ?

my doubt is, i have one file that are called transport.p12, how i generate this file? this is the CA file and i just need to rename that?

in my Elasticsearch.yml i have this certs

xpack.security.enabled: true

xpack.security.enrollment.enabled: true

# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
  enabled: true
  keystore.path: certs/http.p12

# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/transport.p12
  truststore.path: certs/transport.p12

@ikakavas i saw in the documentation that you mentioned, this

Regardless of the scenario, Elasticsearch monitors the SSL resources for updates by default, on a five-second interval. You can just copy the new certificate and key files (or keystore) into the Elasticsearch configuration directory and your nodes will detect the changes and reload the keys and certificates.

when the certs expires, they will renew automaticaly?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.