Is the X-Pack ca.cert sensitive data?

security

#1

Stupid question, but I'm new to this stuff and just want to be 100% sure. I used certutil to create a PKI for Elasticsearch. I have the CA public and private keys. Is there any reason I should treat the public key as sensitive or should I just send it to whoever wants to connect in plain text?


(Tim Vernum) #2

The public key is public data. Depending on how you configure your TLS settings, you might even be sending the CA certificate automatically to clients when they try and connect (by default Elasticsearch doesn't, but it's not a completely unreasonable configuration to make).

As long as the file you are sharing is the certificate only, and not the private key, then you're fine.

But that's an important clarification - if you're using PEM files, then you will typically have separate files for the certificate and key. But if you are using PKCS#12 files, then the "ca.p12" will include the certificate and the private key.
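
As an added illustration of the distinction made in the answer above (not code from the thread or from Elastic): a Python check to run before handing a file out, reporting whether its bytes are certificate-only or carry, or may carry, a private key. The function names, returned labels and sample bytes are assumptions constructed for this example; it inspects PEM labels and leading DER bytes only and does not validate the certificate.

```python
import re

PEM_LABEL = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----")

def _der_body(data):
    """Contents of an outer DER SEQUENCE, or None if data does not start with one."""
    if len(data) < 2 or data[0] != 0x30:
        return None
    skip = 2 + (data[1] & 0x7F) if data[1] & 0x80 else 2  # long-form length octets
    return data[skip:]

def classify(data):
    """Return (kind, safe_to_share) for the raw bytes of a file. Fails closed."""
    labels = [m.decode() for m in PEM_LABEL.findall(data)]
    if labels:
        if any(label.endswith("PRIVATE KEY") for label in labels):
            return ("pem-with-private-key", False)
        if all(label == "CERTIFICATE" for label in labels):
            return ("pem-certificate", True)
        return ("pem-other", False)
    body = _der_body(data)
    if body is None:
        return ("unknown", False)
    if body[:3] == b"\x02\x01\x03":
        # PKCS#12 PFX starts with version INTEGER 3; the container may hold
        # the private key (as ca.p12 does), so never treat it as public.
        return ("pkcs12", False)
    inner = _der_body(body)
    if inner is not None and inner[:1] == b"\xa0":
        # X.509 v3: tbsCertificate SEQUENCE opening with the [0] version tag.
        return ("der-certificate", True)
    return ("unknown", False)

# Constructed samples: placeholder payloads and DER headers, not real key material.
CERT_PEM = b"-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
KEY_PEM = b"-----BEGIN ENCRYPTED PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END ENCRYPTED PRIVATE KEY-----\n"
P12_HEAD = bytes.fromhex("30820a0002010330820a")
DER_CERT_HEAD = bytes.fromhex("3082030a308201f2a003020102")

if __name__ == "__main__":
    for name, blob in [("ca.crt", CERT_PEM), ("bundle.pem", CERT_PEM + KEY_PEM),
                       ("ca.p12", P12_HEAD), ("ca.der", DER_CERT_HEAD)]:
        kind, safe = classify(blob)
        print(f"{name}: {kind} -> {'ok to share' if safe else 'do NOT share'}")
```

Anything the check cannot positively identify as certificate-only, including DER-encoded keys, is reported as not safe to share.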


#3

Great, thanks!

