SSL Certificates Directory


(Colin) #1

Is there a reason why xpack requires all the certificates to be located within the /etc/elasticsearch directory, or am I doing something wrong? I have a few certs stored in /etc/pki/tls/private/... for other applications and would prefer not to have multiple copies of the private floating around if possible. Is there anyway around this??

Thanks


(Tim Vernum) #2

Elasticsearch runs under a Java Security Manager which intentionally prevents it from reading any files outside of the specific directories it needs (config, data, logs).

That prevents x-pack from reading certificates installed in different locations. While we understand there is some pain in having to copy certificates around, it's a trade-off we've chosen to make in order to ensure that ES cannot accidentally read/write files that it is not supposed to.


(system) #3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.