I am currently using elasticsearch-certutil to generate my PEM certificates (.crt and .key) for Elasticsearch and Kibana through a certutil .yml file.
However I want to setup SSL for my Enterprise Search instance but it seems it doesn't accept PEM : it only accepts a ent_search.ssl.keystore.path option.
But certutil doesn't seem to accept an option to generate both PEM certificates and a PKCS keystore.
It is not possible to generate both PEM and p12 files at the same time. Both elasticsearch and Kibana can support p12 file. So a possible solution to just generate p12 files across the board, i.e. drop the --pem CLI option.
Note it might not do what you expect if you run the command twice, one for pem and the other time for p12. The way you invoke certutil is to ask for a new CA to be generated on the fly on each invocation. That is, certificates generated from two invocations will not automatically trust each other since they are signed by different CA.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.