22 changes: 20 additions & 2 deletions docs/reference/commands/certutil.asciidoc
Expand Up @@ -4,7 +4,7 @@
== elasticsearch-certutil

The `elasticsearch-certutil` command simplifies the creation of certificates for
use with Transport Layer Security (TLS) in the Elastic Stack.
use with Transport Layer Security (TLS) in the {stack}.

[float]
=== Synopsis
Expand All @@ -26,13 +26,16 @@ bin/elasticsearch-certutil
[-E <KeyValuePair>] [--keysize <bits>] [--out <file_path>]
[--pass <password>]
)

| http

[-h, --help] ([-s, --silent] | [-v, --verbose])
--------------------------------------------------

[float]
=== Description

You can specify one of the following modes: `ca`, `cert`, `csr`. The
You can specify one of the following modes: `ca`, `cert`, `csr`, `http`. The
`elasticsearch-certutil` command also supports a silent mode of operation to
enable easier batch operations.

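Review bot: the Description sentence that now lists `http` as a mode goes straight on to advertise "a silent mode of operation to enable easier batch operations", while the HTTP mode section added later in this patch describes `http` as a flow that "asks you a number of questions". State here whether `http` can be combined with `--silent` or used in batch runs. In the synopsis, `| http` is also the only alternative shown with no options, so indicate whether it accepts any of the options listed for the other modes, such as `--out` or `--pass`, or none at all.
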
Expand Down Expand Up @@ -108,6 +111,18 @@ private keys for each instance. Each CSR is provided as a standard PEM
encoding of a PKCS#10 CSR. Each key is provided as a PEM encoding of an RSA
private key.

[float]
[[certutil-http]]
==== HTTP mode

The `http` mode guides you through the process of generating certificates for
use on the HTTP (REST) interface for {es}. It asks you a number of questions in
order to generate the right set of files for your needs. For example, depending
on your choices, it might generate a zip file that contains a certificate
authority (CA), a certificate signing request (CSR), or certificates and keys
for use in {es} and {kib}. Each folder in the zip file contains a readme that
explains how to use the files.

[float]
=== Parameters

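Review bot: the new HTTP mode paragraph says the zip file can contain a certificate authority and "certificates and keys for use in {es} and {kib}", but it never says that this output includes private key material or how that material is protected. Add a sentence stating whether the keys and the CA in the zip are password protected, and tell the reader to restrict access to the zip file and to distribute only the files each node or {kib} instance needs. Pointing to the per-folder readme is useful, but the reference page should carry that handling note itself.
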
Expand All @@ -120,6 +135,9 @@ This parameter cannot be used with the `csr` or `ca` parameters.
`csr`:: Specifies to generate certificate signing requests. This parameter
cannot be used with the `ca` or `cert` parameters.

`http`:: Generates a new certificate or certificate request for the {es} HTTP
interface.

`--ca <file_path>`:: Specifies the path to an existing CA key pair
(in PKCS#12 format). This parameter cannot be used with the `ca` or `csr` parameters.

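Review bot: the new `http` parameter entry does not state which other parameters it can be combined with, unlike the neighbouring `csr` entry ("This parameter cannot be used with the `ca` or `cert` parameters"). Add the equivalent sentence for `http`, and update the exclusivity sentences on the existing mode entries and on `--ca` to say whether `http` is included, so the parameter list agrees with the synopsis, where `http` is a separate alternative.
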