How do you get the HTTP CA certificate SHA-256 fingerprint?

sherifabdlnaby / elastdocker

🐳 Elastic Stack (ELK) v8+ on Docker with Compose. Pre-configured out of the box to enable Logging, Metrics, APM, Alerting, ML, and SIEM features. Up with a Single Command.

https://towardsdatascience.com/running-securing-and-deploying-elastic-stack-on-docker-f1a8ebf1dc5b

MIT License

1.8k stars 313 forks source link

How do you get the HTTP CA certificate SHA-256 fingerprint? #115

Closed runxc1 closed 1 month ago

runxc1 commented 1 month ago

Ask a question...

Looking at the documentation it looks like for some of the drivers if your self hosting you need the SHA-256 fingerprint of the cert in order to connect. How do you find that? It seems the script outputs most other needed passwords/api keys.

https://www.elastic.co/guide/en/elasticsearch/client/net-api/current/connecting.html

DemiBSel commented 1 month ago

The link you shared gives an openssl command that does just that :

openssl x509 -fingerprint -sha256 -in config/certs/http_ca.crt

Elastdocker puts the ca cert in secrets/certs/ca/ca.crt, so merge the two together :

 openssl x509 -fingerprint -sha256 -in secrets/certs/ca/ca.crt

runxc1 commented 1 month ago

Thanks a bunch, I didn't realize where the certs were kept. The driver connects to Elasticsearch itself so I ended up needing to get the fingerprint for Elasticsearch itself. Running the command below was able to get the information needed (adding for anyone who stumbles on this thread).

openssl x509 -fingerprint -sha256 -in secrets/certs/elasticsearch/elasticsearch.crt