Elasticsearch certutil new certificates

A very specific question!

certutil is a command-line tool that comes with Elasticsearch, and it's used to manage certificates and SSL/TLS configurations. Here's how you can use it to create new certificates:

Create a new certificate

To create a new certificate, you can use the following command:

certutil --new-cert --name <your_cert_name> --subject <your_subject> --key-size <your_key_size> --days <your_cert_validity>

Here's a breakdown of the options:

For example, to create a new certificate named "my-cert" with a subject of "My Company" and a key size of 2048, you would run:

certutil --new-cert --name my-cert --subject "My Company" --key-size 2048 --days 3650

This will create a new certificate with the specified name, subject, key size, and validity period.

Create a self-signed certificate

If you want to create a self-signed certificate (i.e., a certificate that is not signed by a trusted Certificate Authority), you can use the following command:

certutil --new-cert --name <your_cert_name> --subject <your_subject> --key-size <your_key_size> --days <your_cert_validity> --self-signed

This command is similar to the previous one, but it adds the --self-signed option to indicate that the certificate should be self-signed.

For example, to create a self-signed certificate named "my-cert" with a subject of "My Company" and a key size of 2048, you would run:

certutil --new-cert --name my-cert --subject "My Company" --key-size 2048 --days 3650 --self-signed

This will create a self-signed certificate with the specified name, subject, key size, and validity period.