Closed nuno-andre closed 1 year ago
Hello @nuno-andre,
From your comment, it seems like you want PEM certificates without a password. From our documentation:
--pass
Specifies the password for the generated private keys. This parameter cannot be used with the http parameters. Keys stored in PKCS#12 format are always password protected, however, this password may be blank. If you want to specify a blank password without a prompt, use --pass "" (with no =) on the command line.
Keys stored in PEM format are password protected only if the --pass parameter is specified. If you do not supply an argument for the --pass parameter, you are prompted for a password. Encrypted PEM files do not support blank passwords (if you do not wish to password-protect your PEM keys, then do not specify --pass).
So, you'll need to remove the --pass
option from your command to make it work.
I hope this helps to clarify your question.
Cheers
Hello @HiDAl!
Sorry for the confusion. I was modifying a deployment with PKCS #12 and I took for granted that I needed to indicate those parameters to avoid the password prompt. I have now verified that this is not the case. Thanks!
Elasticsearch Version
Version: 8.6.1, Build: deb/180c9830da956993e59e2cd70eb32b5e383ea42c/2023-01-24T21:35:11.506992272Z, JVM: 19.0.1
Installed Plugins
No response
Java Version
bundled
OS Version
Linux elk-poc-1 5.15.0-58-generic #64-Ubuntu SMP Thu Jan 5 11:43:13 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
Problem Description
elasticsearch-certutil cert
raisesjava.lang.IllegalArgumentException: password empty
with--pass ""
and/or--ca-pass ""
arguments when executed with--pem
(but not with PKCS#12).This command runs properly:
Steps to Reproduce
Logs (if relevant)