First of all, thanks to the Search Guard team, you are doing a great job!
I have a cluster running with my own certs (generated with tlstool), and I need to roll over the certs.
I already created the new ones and copied them to the config folder.
If I restart one node, it fails to load because the new cert is different from the active one (certificate_unknown). So I need to restart all the nodes.
But if I do that, I will end up with all the indices in red status?
I am running Elasticsearch in containers, and mounted the container folder /usr/share/elasticsearch/data onto the host to keep data when the container restarts. The problem is that when I restart the container, Elastic starts moving shards to rebalance shards/replicas, and from my previous experience, if I restart all of them without a batch interval of 10 mins (the time needed to rebalance), I lose data and end up with red indices.
Is there another way to roll over certificates? Or a better way to approach this?
Thanks to you all!
Edit: I had missed changing the pemkey pass. After doing that, I also receive:
PKIX path validation failed: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors