Hello!
How to set up a cluster with public certificates? I have certificates from AlphaSSL with wildcard *.mydomain.com :
root_ca.crt
intermediate.crt
mydomain.key
mydomain.crt
How can I properly configure transport and http layers?
This is the configuration now, but it only works with elasticsearch.ssl.verificationMode: none.
f you put "full" or "certificate", then Kibana gives the error "Kibana is not ready yet".
Config in Elasticsearch nodes:
node.name: es-1.mydomain.com
network.host: es-1.mydomain.com
discovery.seed_hosts: ["es-1.mydomain.com", "es-2.mydomain.com", "es-3.mydomain.com"]
xpack.security.http.ssl:
enabled: true
certificate: certs/mydomain.crt
key: certs/mydomain.key
certificate_authorities: certs/intermediate.crt
xpack.security.transport.ssl:
enabled: true
verification_mode: certificate
certificate: certs/mydomain.crt
key: certs/mydomain.key
certificate_authorities: certs/intermediate.crt
Config in Kibana node:
server.host: "kibana.mydomain.com"
server.publicBaseUrl: "https://kibana.mydomain.com:5601"
server.name: "kibana.mydomain.com"
server.ssl.certificate: /etc/kibana/certs/kibana.crt #mydomain.crt+intermediate.crt+root_ca.crt
server.ssl.key: /etc/kibana/certs/mydomain.key
elasticsearch.hosts: ["https://es-1.mydomain.com:9200", "https://es-3.mydomain.com:9200", "https://es-3.mydomain.com:9200"]
elasticsearch.ssl.certificateAuthorities: ["/etc/kibana/certs/intermediate.crt"]
elasticsearch.ssl.verificationMode: none