Hi I just tested the hot reload of certs and CA on 7.9.1-45.0.0
The procedure works as described here https://search-guard.com/elasticsearch-change-tls-root-CA/
but it seems the new server certificate isn’t being used.
openssl s_client -connect elasticnode01:9200 </dev/null | openssl x509 -in - -noout -text before and after the procedure reveals the same server certificate.
I don’t see anything in the server’s log file either.
Any help on how to troubleshoot this is appreciated