Elasticsearch keystore distinguished name

Hi elastic engineers,

Is there a way to create/generate/rename and use distinguished elasticsearch keystore file name instead of default name elasticsearch.keystore ?

I'm running multiple elasticsearch clusters (v.7.9/X-Pack enabled on RHEL) and generated/created distinguished password-protected certificate file names per cluster like elastic-certificates-dev.p12 (node cert), http-dev.p12 (node cert), http-dev.crt (rest client cert) for the dev cluster,
elastic-certificates-qa.p12, http-qa.p12, http-qa.crt for the qa cluster, etc. for the xat and prod clusters.
I distinguished certs file names for different clusters by appending the cluster name to the default names of the certificates to easy their maintainability.
The elasticsearh.yml matches and recognise those distinguished certificate file names.
I generate keystore file as 'elasticsearch-keystore create -p'
These setups and configurations work well with the default name of elasticserch.keystore, which keeps certificates' passwords.

The inconvenience is I need to maintain multiple elasticserch.keystore with the same name but with different content/passwords related to certificates being used in different environments - dev, qa, xat, prod.
Having the ability to generate and use keystore files with distinguished names like elasticserch-dev.keystore, elasticserch-qa.keystore, elasticserch-xat.keystore, etc. would simplify the maintainability and provide more flexibility as it is for the certificate file names.

Thanks in advance

Hi Vadim,

No there is no possibility to set a custom name for the elasticsearch keystore, it always is elasticsearch.keystore.

Feel free to open an issue at Issues · elastic/elasticsearch · GitHub if this is something you need and think should be useful for others too!

Thank you Ioannis for quick response.
I think when it comes to the maintenance of multiple elastic clusters on different regions (dev, qa, uat, etc.) with different certificates and their passwords, it would be nice to have the possibility of generating elasticsearch keystore file with custom name instead of default name.

Opened the issue at https://github.com/elastic/elasticsearch/issues/69610

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.