Regarding clarification in ca

Hi Team,

We are in the process of adding a self-signed certificate to our Elasticsearch or Kibana setup. I have a couple of questions:

  1. Without a CA, can I use only the elastic.crt and elastic.key files?
  2. If I have a certificate that is signed by an organization, will it work without adding the CA?

Thanks!

Hi @Yogesh_AS

  1. Without a CA, can I use only the elastic.crt and elastic.key files?
  2. If I have a certificate that is signed by an organization, will it work without adding the CA?

It depends if all your machines have your company CAs installed properly in each machine's trust store then it should work... if not then you will need to provide the CA in the elasticsearch / Kibana and Client configs..

Pretty Easy To Test...

Setup Elastic with the pem/ct and key without setting the CA configs and then try to curl and check for the result

curl -v -u elastic https://<clusteriporhost>:9200

Hi @stephenb ,

Thanks for the clarification :blush:

In the end Certs are Certs and all the issues that come with them :slight_smile: ... Elasticsearch Products handle them pretty much like any other app... but that does not mean they are always easy to setup / configure etc..