Regarding clarification in ca

Yogesh_AS · May 18, 2024, 6:26am

Hi Team,

We are in the process of adding a self-signed certificate to our Elasticsearch or Kibana setup. I have a couple of questions:

Without a CA, can I use only the elastic.crt and elastic.key files?
If I have a certificate that is signed by an organization, will it work without adding the CA?

Thanks!

stephenb · May 18, 2024, 3:27pm

Hi @Yogesh_AS

Without a CA, can I use only the elastic.crt and elastic.key files?

If I have a certificate that is signed by an organization, will it work without adding the CA?

It depends if all your machines have your company CAs installed properly in each machine's trust store then it should work... if not then you will need to provide the CA in the elasticsearch / Kibana and Client configs..

Pretty Easy To Test...

Setup Elastic with the pem/ct and key without setting the CA configs and then try to curl and check for the result

curl -v -u elastic https://<clusteriporhost>:9200

Yogesh_AS · May 18, 2024, 3:33pm

Hi @stephenb ,

Thanks for the clarification

stephenb · May 18, 2024, 5:22pm

In the end Certs are Certs and all the issues that come with them ... Elasticsearch Products handle them pretty much like any other app... but that does not mean they are always easy to setup / configure etc..

Topic		Replies	Views
Kibana not connecting to Elasticsearch when providing external Certificate Elastic Cloud on Kubernetes (ECK)	13	4157	January 11, 2022
Conf Kibana and shield Elasticsearch elastic-stack-security	6	1314	December 15, 2016
Kibana not trusting my elasticsearch/shield CA Elasticsearch elastic-stack-security	6	1775	July 6, 2017
Configuring SSL Elasticsearch 3 node cluster Elasticsearch elastic-stack-security	4	1286	June 10, 2020
Creating certs for kibana connecting to elastic Elasticsearch elastic-stack-security	3	765	September 9, 2020

Regarding clarification in ca

Related topics