In what folder is the private key that corresponds to the certificate config\certs\http_ca.crt?

I'm trying to modify http_ca.crt (using the command ./bin/elasticsearch-certutil http), and it asks me for the path to private key corresponding to that file:

 What is the path to your CA key?
elasticsearch-8.2.3-windows-x86_64\elasticsearch-8.2.3\config\certs\http_ca.crt appears to be a PEM formatted certificate file.
In order to use it for signing we also need access to the private key

Where is the location of the CA key?

Hi @DataStorageMuse its me again :slight_smile:

It is stored in the elasticsearch encrypted key store... You will not be able to access it... You will not be able to modify the cert you will need to create a completely new one as far as I know. Hence a private key.

BTW I only figured this out last night when I was working on your other question...

You can see that it is in there with

hyperion:elasticsearch-8.2.3 sbrown$ ./bin/elasticsearch-keystore list
warning: ignoring JAVA_HOME=/Library/Java/JavaVirtualMachines/jdk-11.0.13.jdk/Contents/Home; using bundled JDK

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.