root
/
elasticsearch
mirror of https://github.com/elastic/elasticsearch.git
1
0
Fork 0
Code Issues Actions 1 Packages Projects Releases Wiki Activity
elasticsearch/x-pack
History
Slobodan Adamović 112859b85d
Set `keyUsage` for generated HTTP certificates and self-signed CA (#126376) (#126447) 
The `elasticsearch-certutil http` command, and security auto-configuration, 
generate the HTTP certificate and CA without setting the `keyUsage` extension.

This PR fixes this by setting (by default):
- `keyCertSign` and `cRLSign` for self-signed CAs 
- `digitalSignature` and `keyEncipherment` for HTTP certificates and CSRs

These defaults can be overridden when running `elasticsearch-certutil http` 
command. The user will be prompted to change them as they wish.

For `elasticsearch-certutil ca`, the default value can be overridden by passing 
the `--keysage` option, e.g.
```
elasticsearch-certutil ca --keyusage "digitalSignature,keyCertSign,cRLSign" -pem    
```

Fixes #117769
 		2025-04-08 18:55:37 +10:00
..
dev-tools
libs [Gradle] Update shadow plugin (#116826) 2024-11-15 19:07:46 +01:00
license-tools
plugin Set `keyUsage` for generated HTTP certificates and self-signed CA (#126376) (#126447) 2025-04-08 18:55:37 +10:00
qa Avoid restarting data stream reindex when cluster is upgraded (#125587) (#125627) 2025-03-26 09:15:49 +01:00
rest-resources-zip Convert enterprise search module to new testing framework (#125807) (#125868) 2025-03-29 04:12:59 +11:00
test [ci] Add Alma Linux 9 to matrix in packaging and platform jobs (#118331) 2024-12-12 12:13:58 +01:00
NOTICE.txt
README.md
build.gradle Update Gradle wrapper to 8.13 (#122421) (#123874) 2025-03-05 23:49:38 +11:00

README.md

Elastic License Functionality

This directory tree contains files subject to the Elastic License. The files subject to the Elastic License are grouped in this directory to clearly separate them from files licensed under the Server Side Public License, v 1.