When you install Event Data Store it comes with a pre-configured SSL certificate, and default keystore and trustore files. The keystore and truststore function as repositories for the storage of keys and certificates necessary for SSL authentication, encryption/decryption, and digital signing/verification services. You can find the default truststore and keystore files in the following locations:

For more information about how to enable or disable SSL for Event Data Store, see Enabling SSL for Event Data Store and Disabling SSL for Event Data Store, respectively.

The Event Data Store is enabled for SSL through the Elasticsearch Search Guard plugin. The Search Guard plugin provides an sgadmin command line tool that you can use to customize your Search Guard configuration. To modify the Search Guard configuration of an SSL-enabled Event Data Store, you must authenticate the sgadmin tool with a .jks-based keystore and truststore. Run one of the following scripts to access the sgadmin tool:

If you use Event Data Store in a production environment, you should replace the Event Data Store default certificates, keystore and truststore files with custom files. For more information about creating keystores and truststores, importing keys and certificates into keystores and truststores, and other operations with these files, see the documentation for your certificate management tool.