Renew http_ca.crt CA certificate of the elasticsearch cluster

Ankita_Pachauri · February 13, 2025, 6:41pm

Hello,

Can anyone help me understand on how to renew the http CA certificate for an autoconfigured on-prem cluster? This certificate was being used in the logstash's elasticsearch output section's cacert setting, however the system broke once the certificate expired. What is a safe way to renew this certificate and once renewed will I have to update anything in the http keystore? Also since its a production setup I don't want to mess up anything, are there any gotacha I should be aware off. For now I am using the ssl_certificate_verification => false as a workaround.

Quentin_Pradet · February 14, 2025, 11:30am

Hello, the procedure is documented in Update security certificates with a different CA | Elasticsearch Guide [8.17] | Elastic. Note that this also documents the case where you want to use an existing CA. This is not your case, so you should not skip the step that generates a new CA.

Topic		Replies	Views
Expired ca.crt/nodes certificates - how to renew such certificates? Elasticsearch elastic-stack-security	5	809	August 22, 2023
Renew auto generated http certificates Elasticsearch elastic-stack-security	4	761	July 16, 2024
How do I renew my elasticsearch self signed certificate which will not have impact on logstash vms Elasticsearch elastic-stack-security	10	1438	May 10, 2024
Doubts for SSL certs renew on ELK stack v8 Elasticsearch elastic-stack-security	4	619	April 26, 2022
Do I have to restart Elasticsearch cluster if I replace CA certificate? Kibana	2	364	May 13, 2023

Renew http_ca.crt CA certificate of the elasticsearch cluster

Related topics