Elasticsearch v 8.9.1 installed via ES apt repo on ubuntu 22.04.
I need to extract the self-signed CA and https cert from my elasticsearch 8.9.1 setup to copy to a gitlab instance for https connections. I've done the following to extract the CA and server crt; can someone please confirm this is correct?
openssl pkcs12 -in /etc/elasticsearch/http.p12 -cacerts -nokeys -out CA.crt openssl pkcs12 -in /etc/elasticsearch/http.p12 -clcerts -nokeys -out server.crt
I need to confirm as when I copy the above CA.crt and server.crt to my gitlab server into the trusted-certs dir, run gitlab-ctl reconfigure, and then use the gitlab embedded openssl to connect to my ES instance I get an error of
verify error:num=19:self signed certificate in certificate chain.
Before I make a post on the gitlab support site about why my self-signed cert/CA arent being recognized I'd like to confirm that I am indeed extracting the CA and server certs from ES correctly.