Kindly, I need your support where elastic search 7.6 documentation does not cover using an organization signing certificate .
if I use my organization signing certificate does the generated CSR's by certutils should contain public IP's and public DNS's or can I use our private IP 's, local DNS's (Elasticsearch nodes private not public)
is the xpack.security.transport.ssl.certificate_authorities a mandatory where my organization can not provide me with it's CA.
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: full
xpack.security.transport.ssl.key: /etc/elasticsearch/node01.key
xpack.security.transport.ssl.certificate: /etc/elasticsearch/node01.pem
#xpack.security.transport.ssl.certificate_authorities: [/etc/elasticsearch/node01.pem"]
Thanks very much for your interest in Elasticsearch.
Please be patient in waiting for responses to your question and refrain from pinging multiple times asking for a response or opening multiple topics for the same question. This is a community forum, it may take time for someone to reply to your question. For more information please refer to the Community Code of Conduct specifically the section "Be patient". Also, please refrain from pinging folks directly, this is a forum and anyone that participates might be able to assist you.
If you are in need of a service with an SLA that covers response times for questions then you may want to consider talking to us about a subscription.
There is no difference whether you sign this with an Organization CA or a public CA. Maybe I misunderstood your question, but why would that matter ?
is the xpack.security.transport.ssl.certificate_authorities a mandatory where my organization can not provide me with it's CA.
Yes it is. The CA certificate is meant to be public and distributed to entities so that they can verify the certificates that this CA is signing, so in order to use certificates that are signed by this CA, you either need this CA certificate or you need to disable certificate verification which is highly discouraged.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.