Where do we define the password for cert generated using elastic certutil in yml file?

If the error is along the line of not permitted to read ... file, it is a file permission issue, not password issue. In this case, you need fix the file permission so the elasticsearch process can read it. You can find details in this post.

After fixing the file permission issue, you may run into the actual password issue since you haven't specified it anywhere. You can add that to the elasticsearch keystore with the command:

./bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password
./bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password

You can also check the documentation for details.