openssl genrsa -out admin-es.key 2048
openssl req -new -key admin-es.key -out admin-es.csr
openssl pkcs8 -topk8 -inform pem -in admin-es.key -outform pem -out admin-es.pkcs
openssl x509 -req -in admin-es.csr -CA domain.pem -CAkey domain.key -CAcreateserial -out admin-es.pem -days 1024 -sha256
openssl x509 -noout -subject -in admin-es.full.pem
subject= /C=CZ/ST=Some-State/L=Prague/O=domain/CN=admin
elasticsearch.yml
searchguard.authcz.admin_dn:
- C=CZ,ST=Some-State,L=Prague,O=domain,CN=admin
/usr/share/elasticsearch/plugins/search-guard-5/tools/sgadmin.sh -nhnv -key admin-es.pkcs -icl -cert admin-es.pem -cacert domain.pem -keypass pass
SSL Problem Received fatal alert: bad_certificate
cat admin-es.pem domain.pem > admin-es.full.pem
/usr/share/elasticsearch/plugins/search-guard-5/tools/sgadmin.sh -nhnv -key admin-es.pkcs -icl -cert admin-es.full.pem -cacert domain.pem -keypass pass
SSL Problem Received fatal alert: certificate_unknown