No alias for PEM certificate when using elasticsearch-certutil cert

Hello,
I have an application that needs to communicate with Logstash in TLS (one way) secure mode.
More specifically, these are the requirements to set up such a secured connection:
| Supported certificate format | Required file |
|---|---|
| Self-signed certificate | server.crt (CA signed certificate chain) |
| | server.key (The Logstash server private key file in PEM format) |

To accomplish that I have done the following (and as I am not an expert here, I am not 100% sure I have done it correctly... :-) )
[uuuut@xxxxx1 bin]# **./elasticsearch-certutil cert --pem --out /Logstash_secure**

WARNING: An illegal reflective access operation has occurred

WARNING: Illegal reflective access by org.bouncycastle.jcajce.provider.drbg.DRBG (file:/usr/share/ELK-7.5.0/elasticsearch-7.5.0/lib/tools/security-cli/bcprov-jdk15on-1.61.jar) to constructor sun.security.provider.Sun()
...................
...................
**If you specify any of the following options:**
* **-pem (PEM formatted output)**
* -keep-ca-key (retain generated CA key)
* -multiple (generate multiple certificates)
* -in (generate certificates from an input file)
**then the output will be be a zip file containing individual certificate/key files**
**Certificates written to /Logstash_secure**
This file should be properly secured as it contains the private key for
your instance.				

After unzipping the file, there will be a directory for each instance.

Each instance has a certificate and private key.

[root@sticking1 /]# **unzip Logstash_secure**
Archive:  Logstash_secure
   creating: ca/
  inflating: ca/ca.crt
   creating: instance/
  inflating: instance/instance.crt
  inflating: instance/instance.key

If I look inside the created certificate by running the command below
[root@sticking1 instance]# **keytool -v -printcert -file instance.crt**
Owner: CN=instance
Issuer: CN=Elastic Certificate Tool Autogenerated CA
Serial number: cb26d7871e034e48d472f75fd80645fd44ca6f17
Valid from: Thu Oct 12 22:48:08 PDT 2023 until: Sun Oct 11 22:48:08 PDT 2026
Certificate fingerprints:
         SHA1: F5:45:2B:A4:C4:85:40:6D:16:D8:D6:95:AD:63:1A:D6:5D:32:4D:E9
         SHA256: 30:08:7B:49:D5:79:E1:43:E9:24:68:91:95:6C:A8:5F:0E:AF:7D:69:AE:0D:CE:B3:12:A0:D3:91:99:AF:C7:85
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3

Extensions:

#1: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 76 D5 D8 27 D3 86 9A D2   62 65 83 10 28 E2 33 C7  v..'....be..(.3.
0010: 10 5E 0F E2                                        .^..
]
]

#2: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:false
  PathLen: undefined
]

#3: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: D2 1D C5 DC 47 17 B9 29   C1 76 99 AF 32 A0 84 D7  ....G..).v..2...
0010: E5 09 77 33                                        ..w3
]
]

There is no alias associated, and that gives me trouble because I need to specify the certificate alias name when importing this into my application keystore...
Did I make a mistake or misunderstand something here?
Do I need to run elasticsearch-certutil differently, or with some additional params, to have a .pem certificate created and also an alias for it?
Do I have a chance to retrieve or create an alias name for the certificate I have just created?

Thanks in advance 
Bye
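
As an added example (not part of the original post and not Elastic's own tooling): a PEM file such as `instance.crt` or `ca.crt` carries no alias, because the alias is the entry name chosen when the certificate is imported into a Java keystore. The sketch below imports a PEM certificate under a chosen alias with `keytool` and confirms by SHA-256 fingerprint that the entry is the same certificate; the function names, alias, keystore path and password are placeholders.

```bash
#!/usr/bin/env bash
# Added example. A PEM certificate (instance.crt, ca.crt) has no alias field:
# the alias is the keystore entry name, picked at import time.

# Extract the SHA-256 fingerprint from keytool's certificate listing on stdin.
sha256_of() {
    grep -m1 'SHA256:' | sed 's/.*SHA256:[[:space:]]*//'
}

# pem_fingerprint <pem-cert>
pem_fingerprint() {
    keytool -printcert -file "$1" | sha256_of
}

# import_cert_with_alias <pem-cert> <alias> <keystore> <storepass>
# Adds the certificate as a trusted entry named <alias>; the PKCS12
# keystore is created if it does not exist yet.
import_cert_with_alias() {
    keytool -importcert -noprompt -alias "$2" -file "$1" \
        -keystore "$3" -storetype PKCS12 -storepass "$4" >/dev/null 2>&1
}

# entry_fingerprint <alias> <keystore> <storepass>
entry_fingerprint() {
    keytool -list -v -alias "$1" -keystore "$2" \
        -storetype PKCS12 -storepass "$3" | sha256_of
}

# verify_import <pem-cert> <alias> <keystore> <storepass>
# Succeeds only if the entry under <alias> is the same certificate as the file.
verify_import() {
    local want got
    want=$(pem_fingerprint "$1")
    got=$(entry_fingerprint "$2" "$3" "$4" 2>/dev/null)
    [ -n "$want" ] && [ "$want" = "$got" ]
}

# Usage (alias, keystore path and password are placeholders):
#   import_cert_with_alias ca/ca.crt logstash-ca truststore.p12 'changeit' &&
#   verify_import ca/ca.crt logstash-ca truststore.p12 'changeit'
```

Only the certificate is imported here, which is what a one-way TLS client needs in its truststore; `instance.key` stays on the Logstash server.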
