javaspring-bootelasticsearchssl-certificateelasticsearch-high-level-restclient

Elastic Search SSL Certificate Expiry


I'm new to Elastic search. Integrated my Spring boot application with Elastic search through Java High Level Rest Client and I've enabled security by providing below properties after setting up the certificate and passwords:

xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

Will this certificate expire? If yes, then how to handle this scenario in production?


Solution

  • Yes, you are correct. By default, the CA and Certificate expire in 3 years.

    You can hit below GET API as per Elasticsearch documentation for checking the Expiry:

    GET /_ssl/certificates