
Self-signed Certificates


The automatic configuration

  • creates self-signed certificates for Elasticsearch,

  • adds their names to the elasticsearch.yml configuration file, and

  • stores the certificates in the newly created certs subdirectory.


Certificate Directories

The certificate files are stored in the following directories:

  • Linux:

    /opt/seal/etc/seal-elasticsearch/certs
    
  • Windows:

    "$env:ProgramData/SEAL Systems/config/seal-elasticsearch/certs"
    

These directories are created during installation if they do not already exist.


Certificate Files

The certificates consist of 3 files:

  • http_ca.crt

    ... is a certificate file. It contains the public certificate of the certification authority (CA). You can distribute this CA certificate to your clients, e.g. the PLOSSYS Output Engine servers of a cluster, whose Filebeat connects as a client to the Elasticsearch database.

  • http.p12

    ... contains a self-signed certificate for HTTP API client connections such as Filebeat, Logstash, Kibana, etc.

  • transport.p12

    ... contains a self-signed certificate for the communication between cluster nodes.


Password Protection

The .p12 files are password protected. The corresponding passwords are saved in the Elasticsearch keystore.

You can extract the passwords with the following commands, which print them in plain text to the terminal:

  • http

    • Linux:

      sudo ES_PATH_CONF=/opt/seal/etc/seal-elasticsearch /opt/seal/seal-elasticsearch/bin/elasticsearch-keystore show xpack.security.http.ssl.keystore.secure_password

    • Windows:

      $env:ES_PATH_CONF="C:\ProgramData\SEAL Systems\config\seal-elasticsearch"; & "$env:ProgramFiles\SEAL Systems\seal-elasticsearch\bin\elasticsearch-keystore.bat" show xpack.security.http.ssl.keystore.secure_password
      
  • transport

    • Linux:

      sudo ES_PATH_CONF=/opt/seal/etc/seal-elasticsearch /opt/seal/seal-elasticsearch/bin/elasticsearch-keystore show xpack.security.transport.ssl.keystore.secure_password
      
    • Windows:

      $env:ES_PATH_CONF="C:\ProgramData\SEAL Systems\config\seal-elasticsearch"; & "$env:ProgramFiles\SEAL Systems\seal-elasticsearch\bin\elasticsearch-keystore.bat" show xpack.security.transport.ssl.keystore.secure_password
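
Once a password has been extracted, it can be used to check when the certificates inside the .p12 files expire. The following shell functions are an added example, not part of the SEAL Systems documentation; they use the Linux paths and keystore setting names from this page, while the function names, the 30-day default and the use of the openssl command-line tool are assumptions.

```shell
#!/bin/sh
# Added example, not vendor code. Paths and setting names are the Linux ones from
# this page; the function names and the 30-day default are assumptions.
ES_CONF=/opt/seal/etc/seal-elasticsearch
ES_KEYSTORE=/opt/seal/seal-elasticsearch/bin/elasticsearch-keystore

# Print subject and expiry date of every certificate in a PKCS#12 file.
# The password is read from the exported variable P12_PASS, so it does not
# appear in the process list or in the shell history.
# Returns 0 if all certificates are valid for more than $2 days (default 30),
# 1 if at least one expires sooner, 2 if the file cannot be opened.
p12_check_expiry() {
  local p12="$1" days="${2:-30}" pem cert="" line rc=0
  pem=$(openssl pkcs12 -in "$p12" -nokeys -passin env:P12_PASS 2>/dev/null) || return 2
  while IFS= read -r line; do
    case $line in
      "-----BEGIN CERTIFICATE-----")
        cert=$line ;;
      "-----END CERTIFICATE-----")
        cert=$(printf '%s\n%s' "$cert" "$line")
        printf '%s\n' "$cert" | openssl x509 -noout -subject -enddate
        printf '%s\n' "$cert" | openssl x509 -noout -checkend "$((days * 86400))" >/dev/null || rc=1
        cert="" ;;
      *)
        # Collect base64 lines only while inside a certificate block.
        if [ -n "$cert" ]; then cert=$(printf '%s\n%s' "$cert" "$line"); fi ;;
    esac
  done <<EOF
$pem
EOF
  return "$rc"
}

# Check http.p12 and transport.p12 with the passwords from the Elasticsearch keystore.
# Assumes the caller may use sudo and can read the certs directory.
check_seal_es_certs() {
  local name rc=0
  for name in http transport; do
    P12_PASS=$(sudo ES_PATH_CONF="$ES_CONF" "$ES_KEYSTORE" show \
      "xpack.security.$name.ssl.keystore.secure_password") || return 2
    export P12_PASS
    echo "== $name.p12 =="
    p12_check_expiry "$ES_CONF/certs/$name.p12" "${1:-30}" || rc=$?
  done
  unset P12_PASS
  return "$rc"
}
```

Call `check_seal_es_certs 60` to flag any certificate that expires within 60 days; the passwords themselves are never printed.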
      
