Hello!
I need clarification on the following prerequisite for setting up proper Fleet Server SSL/TLS certificates.
Excerpt from Configure SSL/TLS for self-managed Fleet Servers:
Elastic Agents require a PEM-formatted CA certificate to send encrypted data to Elasticsearch. If you followed the steps in Configure security for the Elastic Stack, your certificate will be in a p12 file. To convert it, use openssl:
openssl pkcs12 -in path.p12 -out cert.crt -clcerts -nokeys
openssl pkcs12 -in path.p12 -out private.key -nocerts -nodes
Key passwords are not currently supported.
I followed the steps that it mentions for setting up Elastic Stack security. I have a primary CA as elastic-stack-ca.p12. For each node I have two keystores, one for TLS/SSL and one for HTTPS: "elastic-certificates.p12" and "http.p12" respectively. These were generated for my three ES nodes using certutil and my primary CA, "elastic-stack-ca.p12", also created with the certutil. When this prerequisite says "certificate", which does it mean? Additionally, will converting this certificate to a .crt and .key file require re-configuring my ES nodes at all or can they continue to use the .p12 file?
Any help is greatly appreciated!