From b0914fa60487f4486b0edbec5a69076bf974d202 Mon Sep 17 00:00:00 2001
From: Mike Reeves <mike.reeves@securityonionsolutions.com>
Date: Thu, 21 Jan 2021 12:46:00 -0500
Subject: [PATCH] try .p12

---
 salt/elasticsearch/files/elasticsearch.yml | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/salt/elasticsearch/files/elasticsearch.yml b/salt/elasticsearch/files/elasticsearch.yml
index 3a763732b..d9cf80cd9 100644
--- a/salt/elasticsearch/files/elasticsearch.yml
+++ b/salt/elasticsearch/files/elasticsearch.yml
@@ -29,20 +29,24 @@ cluster.routing.allocation.disk.watermark.flood_stage: 98%
 #xpack.security.http.ssl.enabled: false
 xpack.security.transport.ssl.enabled: true
 xpack.security.transport.ssl.verification_mode: none
-xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/sokeys
-xpack.security.transport.ssl.keystore.password: changeit
-xpack.security.transport.ssl.truststore.path: /etc/pki/java/cacerts
-xpack.security.transport.ssl.truststore.password: changeit
+xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/elasticsearch.p12
+xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/elasticsearch.p12
+#xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/sokeys
+#xpack.security.transport.ssl.keystore.secure_password: changeit
+#xpack.security.transport.ssl.truststore.path: /etc/pki/java/cacerts
+#xpack.security.transport.ssl.truststore.password: changeit
 #xpack.security.transport.ssl.key: /usr/share/elasticsearch/config/elasticsearch.key
 #xpack.security.transport.ssl.certificate: /usr/share/elasticsearch/config/elasticsearch.crt
 #xpack.security.transport.ssl.certificate_authorities: [ "/usr/share/elasticsearch/config/ca.crt" ]
 {%- if grains['role'] in ['so-node','so-heavynode'] %}
 xpack.security.http.ssl.enabled: true
 xpack.security.http.ssl.client_authentication: none
-xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/config/sokeys
-xpack.security.http.ssl.keystore.password: changeit
-xpack.security.http.ssl.truststore.path: /etc/pki/java/cacerts
-xpack.security.http.ssl.truststore.password: changeit
+xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/config/elasticsearch.p12
+xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/config/elasticsearch.p12
+#xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/config/sokeys
+#xpack.security.http.ssl.keystore.secure_password: changeit
+#xpack.security.http.ssl.truststore.path: /etc/pki/java/cacerts
+#xpack.security.http.ssl.truststore.password: changeit
 #xpack.security.http.ssl.key: /usr/share/elasticsearch/config/elasticsearch.key
 #xpack.security.http.ssl.certificate: /usr/share/elasticsearch/config/elasticsearch.crt
 #xpack.security.http.ssl.certificate_authorities: /usr/share/elasticsearch/config/ca.crt