In my system http.p12 expired in 2025 http_ca.p12 expired in 2026
I renew the http.p12 to 2030 using the http_ca.p12.
May I know whehter http.p12 can work in 2027 (as http_ca.p12 expired in 2026)
If not. Is there any means to renew the http_ca.p12
You have to generate a new CA store/certificate with the elasticsearch-certutil command:
./bin/elasticsearch-certutil ca
This outputs a p12 store which you can then use to create new certificates for the nodes (like you have already done).
Attention: this is for some client not possible without downtime (clients where you can only define one CA to verify against, like with the fingerprint option in the Beats or Logstash).
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.