Configuring SSL Elasticsearch 3 node cluster

Hello Team,

We have 3 node cluster as followes

3 Master-eligible nodes - node1,node2,node3
3 Data nodes - node1,node2,node3
Kibana is running on node3

We have to configure SSL in to make the communication secure.
I have followed the given steps in this blog : https://www.elastic.co/blog/elasticsearch-security-configure-tls-ssl-pki-authentication.

we have generated .key .cer files for all 3 nodes,now how to create a single singed CA file to trust all nodes certificates is my doubt

Another question is how to create a Client certificate , that is for Kibana ?

I have gone through several documents and blogs but couldn't find 3 node cluster with HTTPS . Please give me detailed explanation if possible with the steps!!

Thanks,
Ramya

We are using a different product for security, but it seems the linked page
(https://www.elastic.co/blog/elasticsearch-security-configure-tls-ssl-pki-authentication) has the answer to your question.

With

bin/elasticsearch-certutil ca

you generate a certificate authority (CA) certificate, by default it is stored (along with its key) in elastic-stack-ca.p12 .

If you need a pem version, issue

bin/elasticsearch-certutil ca -pem

instead, this will get you a zip file with the certificate (ca.crt) and the key (ca.key) file.

When configuring the nodes and Kibana, you can use the above ca.crt (or extract the cert from the p12 container with openssl, e.g.

openssl pkcs12 -in elastic-stack-ca.p12 -out elastic-stack-ca.crt.pem -clcerts -nokeys

Hi hunsw,

Thanks for your reply.
I am looking for how to generate signed CA certificate.

Thanks,
Ramya

Here's a superb guide to set up your CA:

https://jamielinux.com/docs/openssl-certificate-authority/

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.