Regarding clarification in ca

Yogesh_AS · May 18, 2024, 6:26am

Hi Team,

We are in the process of adding a self-signed certificate to our Elasticsearch or Kibana setup. I have a couple of questions:

Without a CA, can I use only the elastic.crt and elastic.key files?
If I have a certificate that is signed by an organization, will it work without adding the CA?

Thanks!

stephenb · May 18, 2024, 3:27pm

Hi @Yogesh_AS

Without a CA, can I use only the elastic.crt and elastic.key files?

If I have a certificate that is signed by an organization, will it work without adding the CA?

It depends if all your machines have your company CAs installed properly in each machine's trust store then it should work... if not then you will need to provide the CA in the elasticsearch / Kibana and Client configs..

Pretty Easy To Test...

Setup Elastic with the pem/ct and key without setting the CA configs and then try to curl and check for the result

curl -v -u elastic https://<clusteriporhost>:9200

Yogesh_AS · May 18, 2024, 3:33pm

Hi @stephenb ,

Thanks for the clarification

stephenb · May 18, 2024, 5:22pm

In the end Certs are Certs and all the issues that come with them ... Elasticsearch Products handle them pretty much like any other app... but that does not mean they are always easy to setup / configure etc..

Topic		Replies	Views
Https:9200 without user/password and certificate Elasticsearch	6	141	June 14, 2024
Generating A Certificate From The CA I Made Through Elasticsearch Elasticsearch elastic-stack-security	4	5621	February 1, 2022
Elasticsearch didn't create ca.key. How can i create new key/crt for new instances? Elasticsearch elastic-stack-security	3	1370	February 17, 2020
Generates self-signed client certificates (not server certificates) for Elasticsearch clients Elasticsearch	2	178	February 29, 2024
SSL for Elastic Search Elasticsearch elastic-stack-security	2	43	July 31, 2024

Regarding clarification in ca

Related Topics