Where do we define the password for cert generated using elastic certutil in yml file?

Hello,

In order to enable SSL security, I did follow the steps and generated the certificate first. While generating, it asked for a password (to create one for the cert protection).

Please enter the desired output file [elastic-certificates.p12]: /etc/elasticsearch/elastic-certificates.p12
Enter password for elastic-certificates.p12:

Certificates written to /etc/elasticsearch/elastic-certificates.p12

After that, when I went in and made changes to the yml file, it only gives you the option to define the path, and the elastic service could not be started, with a clear message:

failed to initialize SSL TrustManager - not permitted to read truststore file [/etc/elasticsearch/elastic-certificates.p12

which I believe is only because I have not mentioned the password anywhere. Is there any line that I could add, or maybe use the keystore util, to provide the password for the cert?

Thank you so much

If the error is along the lines of not permitted to read ... file, it is a file permission issue, not a password issue. In this case, you need to fix the file permission so the elasticsearch process can read it. You can find details in this post.

After fixing the file permission issue, you may run into the actual password issue since you haven't specified it anywhere. You can add that to the elasticsearch keystore with the commands:

./bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password
./bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password

You can also check the documentation for details.
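
To locate the permission problem described in the answer above, the following sketch (an added example, not part of the original thread or of Elasticsearch) walks the path to the .p12 file and prints the first directory or file the calling user cannot traverse or read. The function name `first_blocked`, the script name and the `elasticsearch` service account name are assumptions.

```shell
# Added example, not from the thread. POSIX sh.
# first_blocked PATH: walk an absolute path from / down to the file and print
# the first component the *calling* user cannot traverse (directory without x)
# or read (file without r). Returns 0 if readable, 1 if blocked, 2 if the
# path is missing or not absolute.
# To see what the service sees, run it as the service account, for example:
#   sudo -u elasticsearch sh -c '. ./check_read.sh; \
#       first_blocked /etc/elasticsearch/elastic-certificates.p12'
# ("elasticsearch" and check_read.sh are assumed names.)
first_blocked() {
    case $1 in
        /*) ;;
        *)  printf 'not an absolute path: %s\n' "$1"; return 2 ;;
    esac
    fb_rest=${1#/}
    fb_cur=""
    while [ -n "$fb_rest" ]; do
        fb_part=${fb_rest%%/*}              # next path component
        case $fb_rest in
            */*) fb_rest=${fb_rest#*/} ;;   # more components follow
            *)   fb_rest="" ;;              # this was the last one
        esac
        [ -n "$fb_part" ] || continue       # skip empty parts from "//"
        fb_cur="$fb_cur/$fb_part"
        if [ -d "$fb_cur" ]; then
            # A directory on the way must be searchable (x bit).
            [ -x "$fb_cur" ] || { printf '%s\n' "$fb_cur"; return 1; }
        elif [ -e "$fb_cur" ]; then
            # The file itself must be readable (r bit).
            [ -r "$fb_cur" ] || { printf '%s\n' "$fb_cur"; return 1; }
        else
            printf '%s\n' "$fb_cur"         # component does not exist
            return 2
        fi
    done
    return 0
}
```

A status of 1 names the component whose owner, group or mode needs changing; only once the function returns 0 for the service account do the keystore password entries come into play.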