I'm new to using it but I'm wondering what the major benefits are over using just the standard openssl?
openssl can be difficult to understand, difficult to obtain/install on some platforms, and its behaviour varies (in minor ways) between versions and platforms.
That makes it quite difficult to provide easy to use instructions for customers who wish to configure SSL in Elasticsearch.
certutil is designed to overcome those problems by providing exactly the interface we need it to, with a single tool that is included automatically in every Elasticsearch install, and works the same way on every platform.
It doesn't do anything that you can't do in openssl, we just think it's easier to use for the task we need it to do.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.