LinuxCommandLibrary

elasticsearch-certutil

Elasticsearch TLS certificate generator

TLDR

Generate CA certificate

$ elasticsearch-certutil ca
copy
Generate node certificate
$ elasticsearch-certutil cert --ca [elastic-stack-ca.p12]
copy
Generate CSR
$ elasticsearch-certutil csr
copy
Generate HTTP certificates
$ elasticsearch-certutil http
copy
Output in PEM format
$ elasticsearch-certutil ca --pem
copy

SYNOPSIS

elasticsearch-certutil mode [options]

DESCRIPTION

elasticsearch-certutil generates certificates and certificate authorities for securing Elasticsearch clusters. It simplifies the certificate management process by automating the creation of self-signed certificates, certificate authorities, and certificate signing requests.
The tool is essential for enabling TLS/SSL encryption on both the transport layer (node-to-node communication) and the HTTP layer (client API access). It generates certificates in PKCS#12 or PEM format and can include multiple DNS names and IP addresses for cluster deployments.
elasticsearch-certutil streamlines security configuration required for production Elasticsearch deployments and enables features like Elastic Stack security.

PARAMETERS

--ca file

CA certificate to use.
--out file
Output file path.
--pem
Output in PEM format.
--dns names
DNS names for certificate.
--ip addresses
IP addresses for certificate.
--pass password
Password for output file.

SUBCOMMANDS

ca

Generate certificate authority.
cert
Generate X.509 certificates.
csr
Generate certificate signing requests.
http
Generate HTTP layer certificates.

SEE ALSO

> TERMINAL_GEAR

Curated for the Linux community

Copied to clipboard

> TERMINAL_GEAR

Curated for the Linux community