Where can I see my Certificate Fingerprint?

The documentation says:

the CA fingerprint logged by the server at initial startup.

However I can't find it. Is it in security -> CA certificates? If yes, than I can download that file, but how can I get the fingerprint out of it?

The documentation says it should be something like this:

HTTP CA certificate SHA-256 fingerprint:
a52dd93511e8c6045e21f16654b77c9ee0f34aea26d9f40320b531c474676228

Use the CA fingerprint

Copy the fingerprint value that’s output to your terminal when Elasticsearch starts, and configure your client to use this fingerprint to establish trust when it connects to Elasticsearch.

If the auto-configuration process already completed, you can still obtain the fingerprint of the security certificate by running the following command. The path is to the auto-generated CA certificate for the HTTP layer.

openssl x509 -fingerprint -sha256 -in config/certs/http_ca.crt

Thank you! But what if I'm not running it locally, and I have deployment on https://cloud.elastic.co/. Where can I input this command?

You can download the CA from Elastic Cloud,

Elastic Cloud -Deployment -> Security -> CA Cert and download the CA

Then run the command above against the cert you just downloaded

openssl x509 -fingerprint -sha256 -in 0A139270B1760010139270B1760010BF598F6.crt

It is a Public Signed Cert from an Official Cert Authority, curious how you want to use it?

Thank you again! I needed it so I could connect to Elastic Search with a client instance. The problem is that it says that the certificate is rejected

System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
System.Security.Authentication.AuthenticationException: The remote certificate was rejected by the provided RemoteCertificateValidationCallback.

Paste your code..... :slight_smile:

What URL and port did you put in?

Did you paste the fingerprint correctly?

Why are you not using the suggested Cloud Method... Though this should work too.

Also can you show more of the logs... more you show... more we can help

And since it is a Publicly Signed Cert and perhaps you just want to test, I don't think you even need the fingerprint check (maybe you do but this is not a self-signed cert which is what that example is)

note the .es in the Uri

var settings = new ElasticsearchClientSettings(new Uri("https://my-deployment.es.us-west1.gcp.cloud.es.io:9243"))
    .Authentication(new BasicAuthentication("elastic", "<PASSWORD>"));

You could also probably just use the ClientCertificate setting

Thank you! I was using a trial for testing and didn't need the cert. After removing it, I managed to connect!

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.