I'm trying to modify http_ca.crt (using the command ./bin/elasticsearch-certutil http), and it asks me for the path to private key corresponding to that file:
What is the path to your CA key?
elasticsearch-8.2.3-windows-x86_64\elasticsearch-8.2.3\config\certs\http_ca.crt appears to be a PEM formatted certificate file.
In order to use it for signing we also need access to the private key
Where is the location of the CA key?
Hi @DataStorageMuse its me again 
It is stored in the elasticsearch encrypted key store... You will not be able to access it... You will not be able to modify the cert you will need to create a completely new one as far as I know. Hence a private key.
BTW I only figured this out last night when I was working on your other question...
You can see that it is in there with
hyperion:elasticsearch-8.2.3 sbrown$ ./bin/elasticsearch-keystore list
warning: ignoring JAVA_HOME=/Library/Java/JavaVirtualMachines/jdk-11.0.13.jdk/Contents/Home; using bundled JDK
keystore.seed
xpack.security.http.ssl.keystore.secure_password
xpack.security.transport.ssl.keystore.secure_password
xpack.security.transport.ssl.truststore.secure_password
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.