Elasticsearch can use PKCS#12 or PEM, and our certificate tool (elasticsearch-certutil
) can work with and generate either.
We default to PKCS#12 in the docs and in the tool because it produces a single file that contains all the certificate and key information that is needed for a node, so configuration is simpler.
Unfortunately the PKCS#12 support in Node.JS isn't as feature rich as in Java, so we aren't able to support PKCS#12 CAs in Kibana right now.