mirror of
https://github.com/elastic/elasticsearch.git
synced 2025-04-26 16:17:19 -04:00
7c33a770ad
In #84340 we adjusted the docs to show instructions on how to retrieve TLS keystores passwords from the elasticsearch keystore but the security-files-reference.asciidoc was not referenced in all places where the instructions should be used. This commit changes that and also removes references for beta versions.
36 lines
1.4 KiB
Text
36 lines
1.4 KiB
Text
[role="exclude"]
|
|
===== Security certificates and keys
|
|
|
|
When you install {es}, the following certificates and keys are
|
|
generated in the {es} configuration directory, which are used to connect a {kib}
|
|
instance to your secured {es} cluster and to encrypt internode communication.
|
|
The files are listed here for reference.
|
|
|
|
`http_ca.crt`::
|
|
The CA certificate that is used to sign the certificates for the HTTP layer of
|
|
this {es} cluster.
|
|
|
|
`http.p12`::
|
|
Keystore that contains the key and certificate for the HTTP layer for this node.
|
|
|
|
`transport.p12`::
|
|
Keystore that contains the key and certificate for the transport layer for all
|
|
the nodes in your cluster.
|
|
|
|
`http.p12` and `transport.p12` are password-protected PKCS#12 keystores. {es}
|
|
stores the passwords for these keystores as <<secure-settings,secure
|
|
settings>>. To retrieve the passwords so that you can inspect or change the
|
|
keystore contents, use the
|
|
<<elasticsearch-keystore,`bin/elasticsearch-keystore`>> tool.
|
|
|
|
Use the following command to retrieve the password for `http.p12`:
|
|
[source,sh]
|
|
-------------------------
|
|
bin/elasticsearch-keystore show xpack.security.http.ssl.keystore.secure_password
|
|
-------------------------
|
|
|
|
Use the following command to retrieve the password for `transport.p12`:
|
|
[source,sh]
|
|
-------------------------
|
|
bin/elasticsearch-keystore show xpack.security.transport.ssl.keystore.secure_password
|
|
-------------------------
|