[Security] Provide an additional PKCS8 format version of the key by default for logstash/other use

[elasticmachine]

Original comment by @geekpete:

One less step for a user to have to run this:
openssl pkcs8 -in my-logstash-host.key -topk8 -nocrypt -out my-logstash-host.PKCS8.key

to be able to use the created key with Logstash, for example to configure encryption between Beats -> Logstash using the included Elasticsearch certgen tool to generate all the required ca/cert/keys.

[elasticmachine]

Original comment by @jakommo:

+1 on this. We still say in the docs that cert-gen can be used to generate the certs for beats/logstash, but do not mention that extra step.

[elasticmachine]

Original comment by @geekpete:

If we flip it around, what if logstash just supported the default certificate type created by certgen?

[elasticmachine]

Original comment by @jordansissel:

I don't know is this was not working before, but it works fine today. I tested Elasticsearch 6.1.1 x-pack's certgen and used the key+cert with Logstash beats input and the cert with Logstash lumberjack output. It works :)

[elasticmachine]

Original comment by @geekpete:

I'll see if this is still an issue...

[elasticmachine]

Original comment by @DaveCTurner:

@geekpete Is this still an issue? If not, could you close this? Thanks.

[elasticmachine]

Original comment by @jkakavas:

This could have been fixed on Logstash side, but nothing has changed on certgen , we still only generate PKCS#1 RSA private keys.