02 April 2020

Elasticsearch basic license, security enabled

When your license is basic and you set xpack.security.enabled to true, Elasticsearch requires you to enable SSL (xpack.security.transport.ssl.enabled=true).


This page (1) explains how to create the certificates needed to enable transport.ssl.

0) Download the elasticsearch tar.gz file and extract it somewhere

1) Create the CA
      $ bin/elasticsearch-certutil ca
      # by default this creates the file elastic-stack-ca.p12 in the config/ dir

2) Create the cert
      $ bin/elasticsearch-certutil cert --ca config/elastic-stack-ca.p12

3) Copy the cert to the other nodes

4) Tell the node to use this cert. In elasticsearch.yml:
      xpack.security.transport.ssl.enabled: true
      xpack.security.transport.ssl.verification_mode: certificate
      xpack.security.transport.ssl.keystore.path: elastic-certificates.p12

5) Tell the node to trust any certificate signed by the CA. In elasticsearch.yml:
      xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

      # the file elastic-certificates.p12 contains both the cert and the CA
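
A check for the result of steps 3 to 5, as an added example that is not part of the original post: a POSIX shell function that reads a node's elasticsearch.yml and reports transport TLS settings that are missing, disabled, or pointing at a file that was never copied to the node. The function names, the temporary directory and the sample config are constructed for illustration, and the parser assumes flat dotted keys as written above.

```shell
#!/bin/sh
# Added example: lint elasticsearch.yml for the transport TLS settings from steps 4-5.
# Assumes flat "dotted.key: value" lines, as written in the post.

yml_get() {   # yml_get FILE KEY -> value of the last matching line, or empty
    awk -v key="$2" '
        { line = $0; sub(/[ \t]+#.*$/, "", line); sub(/^[ \t]+/, "", line) }
        index(line, key ":") == 1 {
            val = substr(line, length(key) + 2)
            gsub(/^[ \t"]+|[ \t"]+$/, "", val)
            found = val
        }
        END { print found }' "$1"
}

check_transport_tls() {   # check_transport_tls path/to/elasticsearch.yml
    yml=$1; confdir=$(dirname "$yml"); rc=0; p=xpack.security
    if [ "$(yml_get "$yml" $p.enabled)" != "true" ]; then
        echo "SKIP: $p.enabled is not true"; return 0
    fi
    if [ "$(yml_get "$yml" $p.transport.ssl.enabled)" != "true" ]; then
        echo "FAIL: $p.transport.ssl.enabled is not true"; rc=1
    fi
    if [ "$(yml_get "$yml" $p.transport.ssl.verification_mode)" = "none" ]; then
        echo "FAIL: verification_mode none skips certificate checks"; rc=1
    fi
    for store in keystore truststore; do
        store_path=$(yml_get "$yml" $p.transport.ssl.$store.path)
        case "$store_path" in
            "") echo "FAIL: $p.transport.ssl.$store.path is not set"; rc=1; continue ;;
            /*) file=$store_path ;;
            *)  file=$confdir/$store_path ;;   # relative paths resolve against the config dir
        esac
        [ -f "$file" ] || { echo "FAIL: $store file $file is missing on this node"; rc=1; }
    done
    return $rc
}

# Constructed sample: a node that got the settings from step 4 but not step 5.
demo_dir=$(mktemp -d)
: > "$demo_dir/elastic-certificates.p12"   # empty placeholder, not a real keystore
cat > "$demo_dir/elasticsearch.yml" <<'EOF'
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
EOF
check_transport_tls "$demo_dir/elasticsearch.yml" || echo "config needs fixing"
```

Run it against the real config directory on each node after step 3; it only checks that the settings and files are present, not that the PKCS#12 contents are valid.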



ref:
1) https://www.elastic.co/guide/en/elasticsearch/reference/7.6/configuring-tls.html
2) https://www.elastic.co/fr/blog/getting-started-with-elasticsearch-security
