Configuring a Cluster with public certificates

Hello!

How to set up a cluster with public certificates? I have certificates from AlphaSSL with wildcard *.mydomain.com :
root_ca.crt
intermediate.crt
mydomain.key
mydomain.crt

How can I properly configure transport and http layers?
This is the configuration now, but it only works with elasticsearch.ssl.verificationMode: none.
f you put "full" or "certificate", then Kibana gives the error "Kibana is not ready yet".

Config in Elasticsearch nodes:

node.name: es-1.mydomain.com
network.host: es-1.mydomain.com
discovery.seed_hosts: ["es-1.mydomain.com", "es-2.mydomain.com", "es-3.mydomain.com"]
xpack.security.http.ssl:
  enabled: true
  certificate: certs/mydomain.crt
  key: certs/mydomain.key
  certificate_authorities: certs/intermediate.crt
xpack.security.transport.ssl:
  enabled: true
  verification_mode: certificate
  certificate: certs/mydomain.crt
  key: certs/mydomain.key
  certificate_authorities: certs/intermediate.crt

Config in Kibana node:

server.host: "kibana.mydomain.com"
server.publicBaseUrl: "https://kibana.mydomain.com:5601"
server.name: "kibana.mydomain.com"
server.ssl.certificate: /etc/kibana/certs/kibana.crt #mydomain.crt+intermediate.crt+root_ca.crt
server.ssl.key: /etc/kibana/certs/mydomain.key
elasticsearch.hosts: ["https://es-1.mydomain.com:9200", "https://es-3.mydomain.com:9200", "https://es-3.mydomain.com:9200"]
elasticsearch.ssl.certificateAuthorities: ["/etc/kibana/certs/intermediate.crt"]
elasticsearch.ssl.verificationMode: none

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.