Running certgen in silent mode


I am looking for example how to run certgen in silent mode. which flag and how to give the yml file containing the details.



you can run certgen --help for a help, which also contains the -s for silent operation. I am not sure what you are after here, can you elaborate, if the above is not sufficient? Wondering about your reference with the YML file here.


I need to run the certgen as part of an automatic deployment. I will need to use the --in flag, to supply all the relevant parameters via yml file.

So, should I run it like that:

sudo /usr/share/elasticsearch/bin/x-pack/certgen -in <path/of/certgen.yml>

I also need to see an understand the format of this certgen.yml that I am creating.

Maybe to see an example how to do it.



We updated the docs regarding running certgen in silent mode

Hope this helps, otherwise we will add more docs :slight_smile:

Are you sure that the file name is used for the name directory too? Is it for V5.0 also? When I run it, and unzip the file, files were created in directory /usr/share/kibana/optimize.

I will test it again next installation.


The filename is used for the directory/certificate names within the zip file, it does not effect where the zipfile gets extracted to.

Certgen will create a .crt and .key file for each instance you list in your configuration file.
It uses the instance name for the filenames, and places each one in its own folder inside the zip file. If you don't want the instance-name to be the filename, (e.g. because it's too long, or is not a valid filename for your OS), then you can specify a filename to use instead of the instance name

For example if I use the yml configuration that is on the documentation page (linked above) then my zipfile looks like: (run using x-pack 5.0.2)

  Length      Date    Time    Name
---------  ---------- -----   ----
        0  01-09-2017 16:19   ca/
     1310  01-09-2017 16:19   ca/ca.crt
     1675  01-09-2017 16:19   ca/ca.key
        0  01-09-2017 16:19   node1/
     1306  01-09-2017 16:19   node1/node1.crt
     1679  01-09-2017 16:19   node1/node1.key
        0  01-09-2017 16:19   node2/
     1285  01-09-2017 16:19   node2/node2.crt
     1679  01-09-2017 16:19   node2/node2.key
        0  01-09-2017 16:19   node3/
     1257  01-09-2017 16:19   node3/node3.crt
     1679  01-09-2017 16:19   node3/node3.key
        0  01-09-2017 16:19   node4/
     1318  01-09-2017 16:19   node4/node4.crt
     1675  01-09-2017 16:19   node4/node4.key
        0  01-09-2017 16:19   node5/
     1334  01-09-2017 16:19   node5/node5.crt
     1675  01-09-2017 16:19   node5/node5.key
---------                     -------
    17872                     18 files

For instances node1, node2, node3 and node4 the files are named according to the instance name, but for the instance CN=node5,OU=IT,DC=mydomain,DC=com, we explicitly specify that it should be named node5, which is what ends up in the zip file.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.