Problem in creation of certgen in silent mode


(thiru) #1

Hi I'm trying to generate SSL certificates for ELK -5.4.0 using x-pack in silent mode, but it prompting file name to enter, can anybody please help on this to work it out without any prompts
(My ref: https://www.elastic.co/guide/en/x-pack/current/ssl-tls.html)

here is my yml file is(certs.yml):

instances:

  • name: "MSTRR16N01-NFVSYS-MMLCTL1"
    ip:
    • "10.34.4.20"
    • "10.34.5.20"
    • "10.34.5.22"
      filename: "/tmp/certificate-bundle.zip"

and I got prompt which forces manual entry as below.

root@MSTRR16N01-NFVSYS-MMLCTL1:/usr/share/elasticsearch# bin/x-pack/certgen --in /tmp/cert.yml
This tool assists you in the generation of X.509 certificates and certificate
signing requests for use with SSL in the Elastic stack. Depending on the command
line option specified, you may be prompted for the following:

  • The path to the output file
    • The output file is a zip file containing the signed certificates and
      private keys for each instance. If a Certificate Authority was generated,
      the certificate and private key will also be included in the output file.
  • Information about each instance
    • An instance is any piece of the Elastic Stack that requires a SSL certificate.
      Depending on your configuration, Elasticsearch, Logstash, Kibana, and Beats
      may all require a certificate and private key.
    • The minimum required value for each instance is a name. This can simply be the
      hostname, which will be used as the Common Name of the certificate. A full
      distinguished name may also be used.
    • A filename value may be required for each instance. This is necessary when the
      name would result in an invalid file or directory name. The name provided here
      is used as the directory name (within the zip) and the prefix for the key and
      certificate files. The filename is required if you are prompted and the name
      is not displayed in the prompt.
    • IP addresses and DNS names are optional. Multiple values can be specified as a
      comma separated string. If no IP addresses or DNS names are provided, you may
      disable hostname verification in your SSL configuration.
  • Certificate Authority private key password
    • The password may be left empty if desired.

Let's get started...

Please enter the desired output file [/etc/elasticsearch/x-pack/certificate-bundle.zip]:


(Tim Vernum) #2

Pass the -out option when you run certgen.
For example:

certgen -in certs.yml -out ${PWD}/certs.zip

(thiru) #3

Its worked, great thanks Tim.


(system) #4

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.