Configure HTTPS for Elasticsearch
1. Generate a CA and its key for the ELK stack
./bin/elasticsearch-certutil ca
2. Generate a certificate and its key for the nodes (in a cluster, do the same for each node)
./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
3. Configure inter-node communication in elasticsearch.yml
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.client_authentication: required
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
If there is a password for the private key, add it to the Elasticsearch keystore.
./bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password
./bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password
4. Generate the certificate and its key for the HTTPS configuration
./bin/elasticsearch-certutil http
This generates the file elasticsearch-ssl-http.zip, which contains:
/elasticsearch
|_ README.txt
|_ http.p12
|_ sample-elasticsearch.yml
/kibana
|_ README.txt
|_ elasticsearch-ca.pem
|_ sample-kibana.yml
5. In Elasticsearch, use the http.p12 keystore from the previous step in elasticsearch.yml
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: http.p12
If there is a password for the private key, add it to the Elasticsearch keystore.
./bin/elasticsearch-keystore add xpack.security.http.ssl.keystore.secure_password
6. In Kibana, use the elasticsearch-ca.pem certificate from the previous step in kibana.yml
elasticsearch.ssl.certificateAuthorities: elasticsearch-ca.pem
elasticsearch.hosts: https://:9200
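A way to check an elasticsearch.yml against the settings from steps 3 and 5 before restarting a node. This is an added example, not part of the original guide or of Elastic's tooling. The function names, the sample config and the choice to accept verification_mode "full" as well as "certificate" are assumptions, and only flat dotted keys are parsed.

```python
import re

# Settings from steps 3 and 5. A set lists accepted values; None means "any non-empty value".
# Accepting "full" alongside "certificate" is an assumption of this example.
EXPECTED = {
    "xpack.security.transport.ssl.enabled": {"true"},
    "xpack.security.transport.ssl.verification_mode": {"certificate", "full"},
    "xpack.security.transport.ssl.client_authentication": {"required"},
    "xpack.security.transport.ssl.keystore.path": None,
    "xpack.security.transport.ssl.truststore.path": None,
    "xpack.security.http.ssl.enabled": {"true"},
    "xpack.security.http.ssl.keystore.path": None,
}

def parse_flat_settings(text):
    """Parse flat 'dotted.key: value' lines (nested YAML is not handled)."""
    settings, problems = {}, []
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.split(" #", 1)[0].strip()      # drop inline comments
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(":")
        value = value.strip().strip("\"'")
        if re.search(r"[\w.]+:\s", value):
            # A second "key: " inside the value means two settings were merged.
            problems.append(f"line {num}: two settings on one line")
        else:
            settings[key.strip()] = value
    return settings, problems

def audit_tls(text):
    """Return findings; an empty list means every checked setting is as expected."""
    settings, findings = parse_flat_settings(text)
    for key, allowed in EXPECTED.items():
        value = settings.get(key)
        if not value:
            findings.append(f"{key}: missing or empty")
        elif allowed is not None and value.lower() not in allowed:
            findings.append(f"{key}: '{value}' is not one of {sorted(allowed)}")
    return findings

# Constructed sample: line 2 merges two settings and HTTP TLS is switched off.
BAD = """\
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate xpack.security.transport.ssl.client_authentication: required
xpack.security.http.ssl.enabled: false   # constructed mistake
"""

if __name__ == "__main__":
    print("\n".join(audit_tls(BAD)))
```

A setting reported as missing may simply be written in nested YAML form, which this parser does not read.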
References:
https://www.elastic.co/guide/en/elasticsearch/reference/current/security-basic-setup.html
https://www.elastic.co/guide/en/elasticsearch/reference/current/security-basic-setup-https.html