Is there a reason why xpack requires all the certificates to be located within the /etc/elasticsearch directory, or am I doing something wrong? I have a few certs stored in /etc/pki/tls/private/... for other applications and would prefer not to have multiple copies of the private floating around if possible. Is there anyway around this??
Thanks
Elasticsearch runs under a Java Security Manager which intentionally prevents it from reading any files outside of the specific directories it needs (config, data, logs).
That prevents x-pack from reading certificates installed in different locations. While we understand there is some pain in having to copy certificates around, it's a trade-off we've chosen to make in order to ensure that ES cannot accidentally read/write files that it is not supposed to.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.