title: “Elastic Opendistro Certs”
date: 2021-04-26T20:27:35
slug: elastic-opendistro-certs

/usr/share/elasticsearch/config

root-ca.pem
Common Name: Example Com Inc. Root CA
Organization: Example Com Inc.
Organization Unit: Example Com Inc. Root CA
Valid From: April 21, 2018
Valid To: April 18, 2028
Issuer: Example Com Inc. Root CA, Example Com Inc.
Serial Number: 1 (0x1)

esnode.pem
Common Name: node-0.example.com
Subject Alternative Names: Registered ID:1.2.3.4.5.5, node-0.example.com, localhost, IP Address:127.0.0.1
Organization: node
Organization Unit: node
Locality: test
Valid From: April 21, 2018
Valid To: April 18, 2028
Issuer: Example Com Inc. Root CA, Example Com Inc.
Serial Number: 1524368626614 (0x162eb7353b6)

kirk.pem (Client)
Common Name: kirk
Organization: client
Organization Unit: client
Locality: test
Country: de
Valid From: April 21, 2018
Valid To: April 18, 2028
Issuer: Example Com Inc. Root CA, Example Com Inc.
Serial Number: 1524368626616 (0x162eb7353b8)

Create Client Cert

openssl req -nodes -new -newkey rsa:2048 -sha256 -keyout client.key -out client.csr
openssl x509 -req -in client.csr -CA root-ca.pem -CAkey root-ca-key.pem -CAcreateserial -out client.crt -days 3650 -sha256

curl -vvvk --cert client.crt --key client.key --cacert root-ca.pem https://elastic.apps.thasanger-dev-pop.noris.de/

oc create configmap elasticsearch-tls --from-file=root-ca.pem=root-ca.pem --from-file=root-ca-key.pem=root-ca-key.pem --from-file=elastic.crt=elastic.crt --from-file=elastic.key=elastic.key --from-file=client.crt=client.crt --from-file=client.key=client.key -oyaml --dry-run