IMPORTANT: This documentation is no longer updated. Refer to Elastic's version policy and the latest documentation.

Install the newly signed certificate

Replace the existing unsigned certificate by importing the new signed certificate from your CA into the node keystore:

keytool -importcert                       \
        -keystore   node01.jks            \
        -file       node01-signed.crt     \
        -alias      node01

-file: The name of the signed certificate file that you received from the CA.

-alias: The alias must be the same as the alias that you used in Generate a node private key and certificate.

keytool mistakes some PEM-encoded certificates that carry extra text headers for DER-encoded certificates and fails with this error: java.security.cert.CertificateParsingException: invalid DER-encoded certificate data. The text information can be deleted from the certificate. The following openssl command removes the text headers:

openssl x509 -in node01-signed.crt -out node01-signed-noheaders.crt
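
A pre-import check for the text-header problem described above, as an added example that is not part of the original documentation. The function names and the sample file are assumptions made for illustration. Unlike openssl x509, which writes only the first certificate it reads, this keeps every PEM block in the file.

```bash
#!/usr/bin/env bash
# Added example: detect and strip human-readable text around PEM certificate
# blocks before running keytool -importcert. Function names are hypothetical.

# Exit 0 if the file has non-blank lines outside any BEGIN/END CERTIFICATE
# block, which is the extra text that triggers the keytool parsing error.
has_text_headers() {
    awk '
        /^-----BEGIN CERTIFICATE-----/ { inside = 1; next }
        /^-----END CERTIFICATE-----/   { inside = 0; next }
        !inside && /[^ \t\r]/          { found = 1 }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Write only the PEM blocks (every certificate in the file, in order).
strip_text_headers() {
    awk '
        /^-----BEGIN CERTIFICATE-----/ { inside = 1 }
        inside                         { print }
        /^-----END CERTIFICATE-----/   { inside = 0 }
    ' "$1" > "$2"
}

# Produce a file that can be passed to keytool -importcert -file.
# Fails if the input contains no PEM certificate at all.
prepare_for_import() {
    grep -q '^-----BEGIN CERTIFICATE-----' "$1" ||
        { echo "no PEM certificate found in $1" >&2; return 1; }
    if has_text_headers "$1"; then
        strip_text_headers "$1" "$2"
    else
        cp "$1" "$2"
    fi
}

# Constructed sample: the base64 body is a placeholder, not a real certificate.
make_sample() {
    cat > "$1" <<'EOF'
Certificate:
    Data:
        Version: 3 (0x2)
        Subject: CN=node01
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQgU0FNUExFIEJPRFk=
-----END CERTIFICATE-----
EOF
}
```

Run prepare_for_import node01-signed.crt node01-signed-noheaders.crt and pass the second file to keytool with -file.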