Update Elasticsearch certificates in Componentpack · stoeps  

By Christoph Stoettner | 9/5/22 2:04 AM | Infrastructure - Connections | Added by Roberto Boccadoro

Elasticsearch in HCL Connections Componentpack is secured with Searchguard and needs certificates to work properly. These certificates are generated by bootstrap during the initial container deployment with helm. These certificates are valid for 10 years (chain_ca.pem) or 2 years (elasticsearch*.pem) and stored in the Kubernetes secrets elasticsearch-secret, elasticsearch-7-secret. So when your HCL Connections deployment is running for 2 years, the certficates stop working. The documentation on bootstrap is a little bit misleading and my suggested update does not make it into a technote or documentation update since nearly one year.