You need both, and each one has a specific role.
* ca.p12 is the certificate for the new Certificate Authority, which is created since the Elastic certificate is auto-assigned.
* certificate.p12 is the certificate for each single instance of your Elasticsearch cluster.

I would recommend that you follow the steps here: https://www.elastic.co/guide/en/elasticsearch/reference/current/security-basic-setup.html
Source:
https://www.elastic.co/guide/en/elasticsearch/reference/current/certutil.html#certutil-ca
ca.p12 -> CA Mode
The ca mode generates a new certificate authority (CA). By default, it produces a single PKCS#12 output file, which holds the CA certificate and the private key for the CA. If you specify the --pem parameter, the command generates a zip file, which contains the certificate and private key in PEM format.
certificates.p12 -> Cert Mode
The cert mode generates X.509 certificates and private keys. By default, it produces a single certificate and key for use on a single instance.
To generate certificates and keys for multiple instances, specify the --multiple parameter, which prompts you for details about each instance. Alternatively, you can use the --in parameter to specify a YAML file that contains details about the instances.
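
The two modes chained for a multi-node cluster, as an added example that is not part of the original answer or the Elastic documentation: CA mode runs once, then cert mode reads an instance file through `--in`. The node names, addresses, the `ES_HOME` default and the helper function names are assumptions.

```bash
#!/bin/sh
# Added example. Node names, addresses and ES_HOME are constructed placeholders.
ES_HOME="${ES_HOME:-/usr/share/elasticsearch}"   # assumption: install path
CERTUTIL="$ES_HOME/bin/elasticsearch-certutil"

# Write the YAML read by `cert --in` from "name,ip,dns" arguments.
write_instances_yaml() {
  out=$1; shift
  {
    printf 'instances:\n'
    for spec in "$@"; do
      name=${spec%%,*}; rest=${spec#*,}
      ip=${rest%%,*};   dns=${rest#*,}
      printf '  - name: "%s"\n    ip:\n      - "%s"\n    dns:\n      - "%s"\n' \
        "$name" "$ip" "$dns"
    done
  } > "$out"
}

# CA mode once, then cert mode for every instance listed in instances.yml.
# certutil prompts for the passwords, so none appear in the process list.
generate_cluster_certs() {
  dir=$1
  # CA mode: ca.p12 holds the CA certificate and the CA private key.
  "$CERTUTIL" ca --out "$dir/ca.p12" || return 1
  # Cert mode: per-instance certificates and keys signed by that CA.
  # With several instances the output is a zip file.
  "$CERTUTIL" cert --ca "$dir/ca.p12" --in "$dir/instances.yml" \
    --out "$dir/certificates.zip"
}

# Runs only where Elasticsearch is installed.
if [ -x "$CERTUTIL" ]; then
  umask 077                      # new files readable by the owner only
  workdir=$(mktemp -d)
  write_instances_yaml "$workdir/instances.yml" \
    "node1,192.0.2.11,node1.example.internal" \
    "node2,192.0.2.12,node2.example.internal"
  generate_cluster_certs "$workdir" && echo "Output written to $workdir"
fi
```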