= Keystore Details
This document details the steps used to create the certificate and keystore files in this directory.

== Instructions on generating certificates

The certificates in this directory have been generated using elasticsearch-certutil (8.0.0 SNAPSHOT)

=== Certificates for security the HTTP server
[source,shell]
-----------------------------------------------------------------------------------------------------------
elasticsearch-certutil ca --pem --out=${PWD}/ca.zip --pass="ca-password" --days=3500
unzip ca.zip
mv ca/ca.crt ./ca.crt
mv ca/ca.key ./ca.key

rm ca.zip
rmdir ca
-----------------------------------------------------------------------------------------------------------

[source,shell]
-----------------------------------------------------------------------------------------------------------
elasticsearch-certutil cert --pem --name=node --out=${PWD}/node.zip --pass="node-password" --days=3500 \
    --ca-cert=${PWD}/ca.crt --ca-key=${PWD}/ca.key --ca-pass="ca-password" \
    --dns=localhost --dns=localhost.localdomain --dns=localhost4 --dns=localhost4.localdomain4 --dns=localhost6 --dns=localhost6.localdomain6 \
    --ip=127.0.0.1 --ip=0:0:0:0:0:0:0:1

unzip node.zip
mv node/node.* ./

rm node.zip
rmdir node
-----------------------------------------------------------------------------------------------------------

[source,shell]
-----------------------------------------------------------------------------------------------------------
keytool -importcert -file ca.crt -keystore ca.p12 -storetype PKCS12 -storepass "password" -alias ca
-----------------------------------------------------------------------------------------------------------