From 931b22349f3f993f49ac18c3c4b392b740f96add Mon Sep 17 00:00:00 2001 From: Lisa Cawley Date: Fri, 24 Jan 2020 09:56:51 -0800 Subject: [PATCH] [DOCS] Adds http to elasticsearch-certutil command reference (#51188) --- docs/reference/commands/certutil.asciidoc | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/docs/reference/commands/certutil.asciidoc b/docs/reference/commands/certutil.asciidoc index 0c1a9f25684..f69cb71364c 100644 --- a/docs/reference/commands/certutil.asciidoc +++ b/docs/reference/commands/certutil.asciidoc @@ -4,7 +4,7 @@ == elasticsearch-certutil The `elasticsearch-certutil` command simplifies the creation of certificates for -use with Transport Layer Security (TLS) in the Elastic Stack. +use with Transport Layer Security (TLS) in the {stack}. [float] === Synopsis @@ -26,13 +26,16 @@ bin/elasticsearch-certutil [-E ] [--keysize ] [--out ] [--pass ] ) + +| http + [-h, --help] ([-s, --silent] | [-v, --verbose]) -------------------------------------------------- [float] === Description -You can specify one of the following modes: `ca`, `cert`, `csr`. The +You can specify one of the following modes: `ca`, `cert`, `csr`, `http`. The `elasticsearch-certutil` command also supports a silent mode of operation to enable easier batch operations. @@ -108,6 +111,18 @@ private keys for each instance. Each CSR is provided as a standard PEM encoding of a PKCS#10 CSR. Each key is provided as a PEM encoding of an RSA private key. +[float] +[[certutil-http]] +==== HTTP mode + +The `http` mode guides you through the process of generating certificates for +use on the HTTP (REST) interface for {es}. It asks you a number of questions in +order to generate the right set of files for your needs. For example, depending +on your choices, it might generate a zip file that contains a certificate +authority (CA), a certificate signing request (CSR), or certificates and keys +for use in {es} and {kib}. Each folder in the zip file contains a readme that +explains how to use the files. + [float] === Parameters @@ -120,6 +135,9 @@ This parameter cannot be used with the `csr` or `ca` parameters. `csr`:: Specifies to generate certificate signing requests. This parameter cannot be used with the `ca` or `cert` parameters. +`http`:: Generates a new certificate or certificate request for the {es} HTTP +interface. + `--ca `:: Specifies the path to an existing CA key pair (in PKCS#12 format). This parameter cannot be used with the `ca` or `csr` parameters.