mirror of
https://github.com/elastic/elasticsearch.git
synced 2025-06-28 17:34:17 -04:00
284121ad9f
The `elasticsearch-certutil http` command, and security auto-configuration, generate the HTTP certificate and CA without setting the `keyUsage` extension. This PR fixes this by setting (by default): - `keyCertSign` and `cRLSign` for self-signed CAs - `digitalSignature` and `keyEncipherment` for HTTP certificates and CSRs These defaults can be overridden when running `elasticsearch-certutil http` command. The user will be prompted to change them as they wish. For `elasticsearch-certutil ca`, the default value can be overridden by passing the `--keysage` option, e.g. ``` elasticsearch-certutil ca --keyusage "digitalSignature,keyCertSign,cRLSign" -pem ``` Fixes #117769 |
||
|---|---|---|
| .. | ||
| aggregations | ||
| community-contributed | ||
| elasticsearch | ||
| elasticsearch-plugins | ||
| enrich-processor | ||
| query-languages | ||
| scripting-languages | ||
| search/search-your-data | ||
| search-connectors | ||
| setup/install/docker | ||
| text-analysis | ||
| watcher/images | ||
| index.md | ||
| toc.yml | ||