elasticsearch-readonlyrest-plugin icon indicating copy to clipboard operation
elasticsearch-readonlyrest-plugin copied to clipboard

Published 20 hours ago verified publisher icon sscarduzio

Support for certificates in PEM format, in addition to keystore format

Open jpmckinney opened this issue 3 years ago • 2 comments

For comparison, Elasticsearch supports both (e.g. in the instructions on this page: https://www.elastic.co/guide/en/elasticsearch/reference/7.10/configuring-tls.html).

I use Apache's mod_md to automatically get and renew certificates from Let's Encrypt. Like certbot and other tools, it creates certificates in PEM format.

While I can add a hook to convert to PKCS#12 format and then to keystore format (using commands from this blog post, for example), it would be simpler to just point readonlyrest.yml to the certificates in PEM format.

jpmckinney avatar Dec 21 '20 20:12 jpmckinney

@jpmckinney please check out this: https://docs.readonlyrest.com/elasticsearch#using-lets-encrypt

coutoPL avatar Dec 19 '21 19:12 coutoPL

@coutoPL Yes, I already do those steps. It would be nice to just be able to use the original PEM files instead of converting to PKCS12. It's nice that converting to JKS Keystore is (now) optional.

jpmckinney avatar Dec 20 '21 23:12 jpmckinney

hi @jpmckinney this is supported starting from ROR 1.44.0

coutoPL avatar Oct 09 '22 19:10 coutoPL