Hi all,
I'm on 6.3.2, trying to configure SSL.
I used certutil
to create the keystores for ca and nodes.
Trying the certificate api I get this information from my node:
[
{
"path": "/etc/elasticsearch/certs/m2-391-certificates.p12",
"format": "PKCS12",
"alias": "instance",
"subject_dn": "CN=Elastic Certificate Tool Autogenerated CA",
"serial_number": "xxxxxx",
"has_private_key": false,
"expiry": "2021-11-28T14:06:58.000Z"
},
{
"path": "/etc/elasticsearch/certs/m2-391-certificates.p12",
"format": "PKCS12",
"alias": "instance",
"subject_dn": "CN=instance",
"serial_number": "yyyyyy",
"has_private_key": true,
"expiry": "2021-11-28T14:12:08.000Z"
},
{
"path": "/etc/elasticsearch/certs/m2-391-certificates.p12",
"format": "PKCS12",
"alias": "ca",
"subject_dn": "CN=Elastic Certificate Tool Autogenerated CA",
"serial_number": "xxxxxx",
"has_private_key": false,
"expiry": "2021-11-28T14:06:58.000Z"
}
]
while using keytool
I get this information
[root@v-aps-s-m2-391 certs]# keytool -list -keystore /etc/elasticsearch/certs/m2-391-certificates.p12 -v
Enter keystore password:
***************** WARNING WARNING WARNING *****************
* The integrity of the information stored in your keystore *
* has NOT been verified! In order to verify its integrity, *
* you must provide your keystore password. *
***************** WARNING WARNING WARNING *****************
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry
Alias name: instance
Creation date: Nov 29, 2018
Entry type: PrivateKeyEntry
*******************************************
*******************************************
I want to export the certificate but in the keystore i found only the private key, also if I try to export it I get an error:
[root@v-aps-s-m2-391 certs]# keytool -export -keystore /etc/elasticsearch/certs/m2-391-certificates.p12 -alias instance -file test
Enter keystore password:
***************** WARNING WARNING WARNING *****************
* The integrity of the information stored in your keystore *
* has NOT been verified! In order to verify its integrity, *
* you must provide your keystore password. *
***************** WARNING WARNING WARNING *****************
keytool error: java.lang.Exception: Alias <instance> has no certificate
So where is the certificate stored and how can I access it?
Thanks in advance