No .PEM generated when using --pem mode in elasticsearch-certutil

I'm trying to generate a PEM certificate for elasticsearch using elasticsearch-certutil by introducing the following line

bin/elasticsearch-certutil ca --pem

Then, the program asks me to set a name for the resulting .zip . However, when finishing executing it, no .PEM has been issued from the program into the elasticsearch root directory.

I executed the program as root, using Elasticsearch 8.11 (the latest version up to date)

I appreciate any suggestion

Hello and welcome,

This is expected, it will create a zip file with the certificate and key in PEM format, it will not create a .pem file, it will create a .crt and a .key file.

So, if I want to use it in logstash, do I have only to change the extension .pem?

In the Elasticsearch output?

No, you need to use just the .crt file.

ssl_certificate_authorities => '/path/to/file/ca.crt'

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.