I'm following the documentation here: Tutorial 2: Securing a self-managed Elastic Stack | Elastic Installation and Upgrade Guide [8.14] | Elastic and have got to Step 3. The CA I've exported from our Microsoft Enterprise CA but it's a Two Tier authority with a Root and Subordinate. This means the C…

HTTP Certificates when CA is a chain

TimV (Tim Vernum) July 15, 2024, 1:10am 13

What's in ca.crt is it the chain or just the root cert?

What I would normally do in your case is:

configure ES to send the whole chain (or at least the leaf & intermediate)
configure clients to trust the root only.

Configuring ES to use the chain can be done by concatenating the certificates together and using that chained certificate file for xpack.security.http.ssl.certificate
You can follow the steps here

Topic		Replies	Views
Problem with elasticsearch-certutil http and "ca certificate is not a CA" error Elasticsearch elastic-stack-security	5	1551	August 16, 2022
Help with http certs in elasticsearch Elasticsearch elastic-stack-security	6	759	April 9, 2023
ELastic-CertUtil erro trying to create Certificate-authorities, .crt, .key Elasticsearch elastic-stack-security	6	437	July 1, 2023
Using certificate chain in Elasticsearch Elasticsearch elastic-stack-security	1	239	June 12, 2023
Understanding elasticsearch certiifcate Logstash	2	206	September 12, 2021

HTTP Certificates when CA is a chain

Related topics