changing CA and host certificates

Hi,

What’s the procedure to change all host certificates (and possibly also the CA)?
I guess this requires a full cluster restart and restart of all nodes?

Cheers

New ssl certificates signed by the same root CA (or intermediate CA) can be applied in a rolling restart manner.

When your CA changes you can first update your truststore in a rolling manner adding the new CA (but keeping the old).
Then change the certs in a rolling restart manner. Then removing the old CA from your trustores in a rolling restart manner.

···

Am 27.06.2017 um 16:00 schrieb Fabien Wernli <swissunix@gmail.com>:

Hi,

What's the procedure to change all host certificates (and possibly also the CA)?
I guess this requires a full cluster restart and restart of all nodes?

Cheers

--
You received this message because you are subscribed to the Google Groups "Search Guard" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/8a2ed7ca-617a-406c-bc3f-c70b3f6539e7%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Thanks!