Running certgen in silent mode

ssasporta · January 5, 2017, 9:56am

Hi,

I am looking for example how to run certgen in silent mode. which flag and how to give the yml file containing the details.

Regards,
Sharon.

spinscale · January 5, 2017, 11:03am

Hey,

you can run certgen --help for a help, which also contains the -s for silent operation. I am not sure what you are after here, can you elaborate, if the above is not sufficient? Wondering about your reference with the YML file here.

--Alex

ssasporta · January 5, 2017, 11:57am

I need to run the certgen as part of an automatic deployment. I will need to use the --in flag, to supply all the relevant parameters via yml file.

So, should I run it like that:

sudo /usr/share/elasticsearch/bin/x-pack/certgen -in <path/of/certgen.yml>

I also need to see an understand the format of this certgen.yml that I am creating.

Maybe to see an example how to do it.

Thanks
Sharon.

ssasporta · January 8, 2017, 10:57am

Someone?

spinscale · January 8, 2017, 12:09pm

We updated the docs regarding running certgen in silent mode

Hope this helps, otherwise we will add more docs

ssasporta · January 8, 2017, 1:31pm

Are you sure that the file name is used for the name directory too? Is it for V5.0 also? When I run it, and unzip the file, files were created in directory /usr/share/kibana/optimize.

I will test it again next installation.

Regards,
Sharon.

TimV · January 9, 2017, 5:27am

The filename is used for the directory/certificate names within the zip file, it does not effect where the zipfile gets extracted to.

Certgen will create a .crt and .key file for each instance you list in your configuration file.
It uses the instance name for the filenames, and places each one in its own folder inside the zip file. If you don't want the instance-name to be the filename, (e.g. because it's too long, or is not a valid filename for your OS), then you can specify a filename to use instead of the instance name

For example if I use the yml configuration that is on the documentation page (linked above) then my zipfile looks like: (run using x-pack 5.0.2)

Archive:  certgen.zip
  Length      Date    Time    Name
---------  ---------- -----   ----
        0  01-09-2017 16:19   ca/
     1310  01-09-2017 16:19   ca/ca.crt
     1675  01-09-2017 16:19   ca/ca.key
        0  01-09-2017 16:19   node1/
     1306  01-09-2017 16:19   node1/node1.crt
     1679  01-09-2017 16:19   node1/node1.key
        0  01-09-2017 16:19   node2/
     1285  01-09-2017 16:19   node2/node2.crt
     1679  01-09-2017 16:19   node2/node2.key
        0  01-09-2017 16:19   node3/
     1257  01-09-2017 16:19   node3/node3.crt
     1679  01-09-2017 16:19   node3/node3.key
        0  01-09-2017 16:19   node4/
     1318  01-09-2017 16:19   node4/node4.crt
     1675  01-09-2017 16:19   node4/node4.key
        0  01-09-2017 16:19   node5/
     1334  01-09-2017 16:19   node5/node5.crt
     1675  01-09-2017 16:19   node5/node5.key
---------                     -------
    17872                     18 files

For instances node1, node2, node3 and node4 the files are named according to the instance name, but for the instance CN=node5,OU=IT,DC=mydomain,DC=com, we explicitly specify that it should be named node5, which is what ends up in the zip file.

system · February 6, 2017, 5:27am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
X-Pack Security Certgen Tool - How is silent mode used? Elasticsearch	3	974	December 30, 2016
Problem in creation of certgen in silent mode Elasticsearch	3	905	June 21, 2017
Certgen instances.yaml Elasticsearch elastic-stack-security	4	1641	February 9, 2018
ELastic-CertUtil erro trying to create Certificate-authorities, .crt, .key Elasticsearch elastic-stack-security	6	437	July 1, 2023
Enabling SSL in X-Pack and Active Directory Elasticsearch	3	587	April 22, 2017

Running certgen in silent mode

Related topics