Should I use the same Elasticsearch p12 keystore and truststore for every node in the cluster?

Hello, I'm updating the SSL transport with an external CA (not generated by Elastic). The documentation says to use the same p12 keystore and truststore for every node:
Set up basic security for the Elastic Stack | Elasticsearch Guide [8.5] | Elastic.
Should I do this? Or should I generate a new truststore and keystore for every node?

No, you do not need to generate again and again for each node. You can use the same p12 cert file for each node if all the node or client IPs and hostnames are added to it.

How do you add each node to the p12 cert file? Is it when generating the CSR?

Yes, you are right.

It should be done while generating the .csr file before getting it signed.
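
What the replies above describe, as an added example (not from the thread or from Elastic's documentation): an OpenSSL request config that lists every node's hostname and IP as subjectAltName entries, followed by CSR generation and a check of the SANs before the request goes to the external CA. The node names, IPs, CN and file names are constructed placeholders.

```shell
#!/bin/sh
# Added example: build an OpenSSL request config whose subjectAltName lists
# every node, so one signed certificate is valid on all of them.
# All hostnames and IPs below are constructed placeholders.

NODE_DNS="es-node1.example.internal es-node2.example.internal es-node3.example.internal"
NODE_IPS="10.0.0.11 10.0.0.12 10.0.0.13"

# Print an openssl req config with one DNS.n / IP.n entry per node.
build_csr_config() {
    cn=$1 dns_list=$2 ip_list=$3
    cat <<EOF
[req]
prompt = no
distinguished_name = dn
req_extensions = v3_req

[dn]
CN = $cn

[v3_req]
subjectAltName = @alt_names

[alt_names]
EOF
    i=1
    for name in $dns_list; do
        echo "DNS.$i = $name"
        i=$((i + 1))
    done
    i=1
    for ip in $ip_list; do
        echo "IP.$i = $ip"
        i=$((i + 1))
    done
}

# Generate key + CSR, then print the SANs for review before sending to the CA.
make_csr() {
    build_csr_config "$1" "$NODE_DNS" "$NODE_IPS" > transport-csr.cnf
    openssl req -new -newkey rsa:2048 -nodes \
        -keyout transport.key -out transport.csr -config transport-csr.cnf
    openssl req -in transport.csr -noout -text | grep -A1 "Subject Alternative Name"
}

# Run only when asked, e.g.:  sh make-csr.sh run
if [ "${1:-}" = "run" ]; then
    make_csr "es-transport.example.internal"
fi
```

The SAN list is fixed once the CA signs the request, so adding a node later means issuing a new CSR that includes the extra entry.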
