37 lines
1.4 KiB
Plaintext
37 lines
1.4 KiB
Plaintext
[role="exclude"]
|
|
===== Security certificates and keys
|
|
|
|
When you install {es}, the following certificates and keys are
|
|
generated in the {es} configuration directory, which are used to connect a {kib}
|
|
instance to your secured {es} cluster and to encrypt internode communication.
|
|
The files are listed here for reference.
|
|
|
|
`http_ca.crt`::
|
|
The CA certificate that is used to sign the certificates for the HTTP layer of
|
|
this {es} cluster.
|
|
|
|
`http.p12`::
|
|
Keystore that contains the key and certificate for the HTTP layer for this node.
|
|
|
|
`transport.p12`::
|
|
Keystore that contains the key and certificate for the transport layer for all
|
|
the nodes in your cluster.
|
|
|
|
`http.p12` and `transport.p12` are password-protected PKCS#12 keystores. {es}
|
|
stores the passwords for these keystores as <<secure-settings,secure
|
|
settings>>. To retrieve the passwords so that you can inspect or change the
|
|
keystore contents, use the
|
|
<<elasticsearch-keystore,`bin/elasticsearch-keystore`>> tool.
|
|
|
|
Use the following command to retrieve the password for `http.p12`:
|
|
[source,sh]
|
|
-------------------------
|
|
bin/elasticsearch-keystore show xpack.security.http.ssl.keystore.secure_password
|
|
-------------------------
|
|
|
|
Use the following command to retrieve the password for `transport.p12`:
|
|
[source,sh]
|
|
-------------------------
|
|
bin/elasticsearch-keystore show xpack.security.transport.ssl.keystore.secure_password
|
|
-------------------------
|