I am using this blog post to setup TLS/SSL for my cluster. It's a great post and it's worked well for me, but i'm going back through it with a finer tooth comb to better understand what I am actually doing and what is being done.
At the point in the blog where you use Certutil this is the input:
[root@node1 elasticsearch]# bin/x-pack/certutil cert ca --pem --in ~/tmp/cert_blog/instance.yml --out ~/tmp/cert_blog/certs.zip
It looks like both parameters cert
and ca
are being used, but the doc on certutil states you can't do that (see below). I must be missing something. Could someone explain what I am missing. Thanks!
ca
Specifies to generate a new local certificate authority (CA). This parameter cannot be used with the csr or cert parameters.
cert
Specifies to generate new X.509 certificates and keys. This parameter cannot be used with the csr or ca parameters.