Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[DOCS] Steps for updating TLS certificates #73781

Merged
merged 38 commits into from Jul 28, 2021
Merged

[DOCS] Steps for updating TLS certificates #73781

Show file tree
Hide file tree
Changes from 30 commits
Commits
Show all changes
38 commits
Select commit Hold shift + click to select a range
f81e1f1
[DOCS] Steps for updating TLS certificates
Jun 4, 2021
5d8cd30
Updates for changing CA
Jun 7, 2021
7d0ef46
Merge branch 'master' into docs__update-tls-certs
elasticmachine Jun 7, 2021
81d1708
Updates for rotating certs with a new CA
Jun 8, 2021
7674c75
Add instructions for generating HTTP certs with a new CA
Jun 9, 2021
cdc615d
Merge branch 'master' into docs__update-tls-certs
elasticmachine Jun 9, 2021
7313c4b
Add steps for creating HTTP certs with new CA
Jun 10, 2021
4ad7ca9
Clarify note about cluser restart and other edits
Jun 10, 2021
f2205ef
Clarifying scenarios
Jun 10, 2021
3addf63
Merge branch 'master' into docs__update-tls-certs
elasticmachine Jun 10, 2021
6cd5cec
Apply suggestions from code review
Jun 21, 2021
4526703
Merge branch 'master' into docs__update-tls-certs
elasticmachine Jun 21, 2021
86e02a5
Incorporating review feedback and making necessary changes
Jun 21, 2021
8c10122
Clarifications and changes regarding restarts
Jun 22, 2021
e2438b7
Remove errant --pem in basic security setup
Jun 23, 2021
ead212d
Incorporate suggestions from code review
Jun 23, 2021
76b2be3
Many, many updates. But good ones.
Jun 23, 2021
772976d
Merge branch 'master' into docs__update-tls-certs
elasticmachine Jun 24, 2021
286a2d8
Add languages for snippets
Jun 24, 2021
c82ffdb
Reorder steps to reference rolling restart throughout for consistency
Jun 24, 2021
0d4b600
Merge branch 'master' into docs__update-tls-certs
elasticmachine Jun 24, 2021
8c48acf
Add clarifying what's next steps
Jun 28, 2021
17c7ee9
Merge branch 'master' into docs__update-tls-certs
elasticmachine Jun 28, 2021
c855d0e
Add instructions for updating Kibana certificate
Jun 28, 2021
1d65d84
Merge branch 'master' into docs__update-tls-certs
elasticmachine Jun 30, 2021
dffd630
Merge branch 'master' into docs__update-tls-certs
elasticmachine Jul 6, 2021
a09f25c
Merge branch 'master' into docs__update-tls-certs
elasticmachine Jul 6, 2021
271d8bf
Apply suggestions from Ioannis' stellar code review
Jul 8, 2021
e7d031f
Update instructions to use a single keystore, plus other review changes
Jul 12, 2021
3be5877
Merge branch 'master' into docs__update-tls-certs
elasticmachine Jul 13, 2021
fefc0be
Incorporating another round of review comments
Jul 16, 2021
a60e502
Merge branch 'master' into docs__update-tls-certs
elasticmachine Jul 26, 2021
688fba3
Minor updates from reviewer feedback
Jul 27, 2021
f47d766
Merge branch 'master' into docs__update-tls-certs
elasticmachine Jul 27, 2021
474eeab
Clarifying examples and fixing numbering
Jul 27, 2021
34bf6de
Skip tests that are creating unnecessary noise
Jul 28, 2021
aa0b16a
Quieting other tests
Jul 28, 2021
cb49f8e
Merge branch 'master' into docs__update-tls-certs
elasticmachine Jul 28, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
2 changes: 2 additions & 0 deletions x-pack/docs/en/security/index.asciidoc
View file
Open in desktop
Expand Up @@ -92,6 +92,8 @@ See <<enable-audit-logging,Enable audit logging>>.

include::configuring-stack-security.asciidoc[]

include::securing-communications/update-tls-certificates.asciidoc[]

include::authentication/overview.asciidoc[]

include::authorization/overview.asciidoc[]
Expand Down
7 changes: 4 additions & 3 deletions x-pack/docs/en/security/securing-communications/security-basic-setup.asciidoc
View file
Open in desktop
Expand Up @@ -91,16 +91,17 @@ generate a CA for your cluster.
----
./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
----
+
`--ca <ca_file>`:: Name of the CA file used to sign your certificates. The
default file name from the `elasticsearch-certutil` tool is `elastic-stack-ca.p12`.
+

a. Enter the password for your CA, or press *Enter* if you did not configure one in the previous step.

b. Create a password for the certificate and accept the default file name.
+
The output file is a keystore named `elastic-certificates.p12`. This file
contains a node certificate, node key, and CA certificate.
+
`--ca <ca_file>`:: Name of the CA file used to sign your certificates. The
default file name from the `elasticsearch-certutil` tool is `elastic-stack-ca.p12`.

. Copy the `elastic-certificates.p12` file to the `ES_PATH_CONF`
directory on every node in your cluster.
Expand Down