elasticsearch证书过期进行更换

原创

已于 2025-06-17 10:10:49 修改 · 473 阅读

0 ·

CC 4.0 BY-SA版权

文章标签：

#elasticsearch #java

于 2025-06-17 10:10:31 首次发布

es配置文件

xpack.security.enabled: true
xpack.security.enrollment.enabled: true
cluster.initial_master_nodes: ["iZ8vb6tda6e8mwssfo6usfZ"]
http.host: 0.0.0.0
path:
  data: /usr/sftp/file/es-data  #数据路径
  logs: /usr/sftp/file/es-data/logs   #日志路径


# ====== CERT FIX START (自动生成于 2025年 06月 17日 星期二 09:32:38 CST) ======
# 传输层SSL配置
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/elasticsearch-cert.p12
  truststore.path: certs/truststore.jks
  keystore.type: PKCS12
  truststore.type: JKS
  truststore.password: changeit
# HTTP层SSL配置
xpack.security.http.ssl:
  enabled: true
  verification_mode: certificate
  keystore.path: certs/elasticsearch-cert.p12
  truststore.path: certs/truststore.jks
  keystore.type: PKCS12
  truststore.type: JKS
  truststore.password: changeit
# ====== CERT FIX END ======

一键生成脚本

#!/bin/bash

# =============================================================================
# Elasticsearch 单机版 SSL 证书修复工具 (适用于 OpenSSL 1.0)
# 版本：3.4 | 日期：2025-06-17
# ============================================================================= 

# --------------------------------------
# 颜色输出函数（必须放在最前）
# --------------------------------------
function status_msg() {
   
    echo -e "\e[1;32m[✓] $1\e[0m"; }
function warning_msg() {
   
    echo -e "\e[1;33m[!] $1\e[0m"; }
function error_msg() {
   
    echo -e "\e[1;31m[✗] $1\e[0m"