Why does elasticsearch use PKCS#12, while Kibana needs PEM?

Elasticsearch can use PKCS#12 or PEM, and our certificate tool (elasticsearch-certutil) can work with and generate either.

We default to PKCS#12 in the docs and in the tool because it produces a single file that contains all the certificate and key information that is needed for a node, so configuration is simpler.

Unfortunately the PKCS#12 support in Node.JS isn't as feature rich as in Java, so we aren't able to support PKCS#12 CAs in Kibana right now.

4 Likes