Skip to content

Commit

Permalink
Instructions to retrieve keystore pwd (elastic#84340) (elastic#84934)
Browse files Browse the repository at this point in the history
In 8.0.0. we introduce TLS autoconfiguration. We store the key and
certificate materials in password protected PKCS#12 keystores and
we store these passwords in the elasticsearch keystore.
This commit adds instructions on how to get hold of the passwords
for users to inspect or alter the PKCS#12 keystores.

(cherry picked from commit 8cebba5)
  • Loading branch information
jkakavas authored Mar 15, 2022
1 parent 8190962 commit 140834a
Showing 1 changed file with 18 additions and 0 deletions.
18 changes: 18 additions & 0 deletions docs/reference/setup/install/security-files-reference.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -16,3 +16,21 @@ Keystore that contains the key and certificate for the HTTP layer for this node.
`transport.p12`::
Keystore that contains the key and certificate for the transport layer for all
the nodes in your cluster.

`http.p12` and `transport.p12` are password-protected PKCS#12 keystores. {es}
stores the passwords for these keystores as <<secure-settings,secure
settings>>. To retrieve the passwords so that you can inspect or change the
keystore contents, use the
<<elasticsearch-keystore,`bin/elasticsearch-keystore`>> tool.

Use the following command to retrieve the password for `http.p12`:
[source,sh]
-------------------------
bin/elasticsearch-keystore show xpack.security.http.ssl.keystore.secure_password
-------------------------

Use the following command to retrieve the password for `transport.p12`:
[source,sh]
-------------------------
bin/elasticsearch-keystore show xpack.security.transport.ssl.keystore.secure_password
-------------------------

0 comments on commit 140834a

Please sign in to comment.