Elasticsearch Cross Cluster Search Implementation

tusharnemade · December 31, 2020, 7:13am

Hi Tim

I have executed keytool command in following ways to have both nodes of different cluster each , have their CA certificates trusted.

On Local Cluster node

[esearch@elk-localnode-1 ~]$ keytool -importkeystore -srckeystore /mnt/elasticsearch-7.8.0/config/certs/elastic-certificates-elk-remotenode-1.p12 -srcstorepass "elastic" -destkeystore /mnt/elasticsearch-7.8.0/config/certs/elastic-certificates.p12  -deststorepass "elastic"

Importing keystore /mnt/elasticsearch-7.8.0/config/certs/elastic-certificates-elk-remotenode-1.p12 to /mnt/elasticsearch-7.8.0/config/certs/elastic-certificates.p12...
Existing entry alias instance exists, overwrite? [no]:  no
Enter new alias name    (RETURN to cancel import for this entry):  elk-remotenode-1-remote
Entry for alias instance successfully imported.
Existing entry alias ca exists, overwrite? [no]:  no
Enter new alias name    (RETURN to cancel import for this entry):  elk-remotenode-1-ca
Entry for alias ca successfully imported.
Import command completed:  2 entries successfully imported, 0 entries failed or cancelled
[esearch@elk-localnode-1 ~]$

On Remote Cluster Node

[esearch@elk-remotenode-1 ~]$ keytool -importkeystore -srckeystore /mnt/elasticsearch-7.8.0/config/certs/elastic-certificates-elk-localnode-1.p12 -srcstorepass "elastic" -destkeystore /mnt/elasticsearch-7.8.0/config/certs/elastic-certificates.p12  -deststorepass "elastic"

Importing keystore /mnt/elasticsearch-7.8.0/config/certs/elastic-certificates-elk-localnode-1.p12 to /mnt/elasticsearch-7.8.0/config/certs/elastic-certificates.p12...
Existing entry alias instance exists, overwrite? [no]:  no
Enter new alias name    (RETURN to cancel import for this entry):  elk-localnode-instance
Entry for alias instance successfully imported.
Existing entry alias ca exists, overwrite? [no]:  no
Enter new alias name    (RETURN to cancel import for this entry):  elk-localnode-ca
Entry for alias ca successfully imported.
Import command completed:  2 entries successfully imported, 0 entries failed or cancelled

It did worked successfully as expected.

I will accept it as a solution in this forum.

Could you please help me in one more thing ...

I am generating Nodes Certificates using

elasticsearch-certutil ca

How to pass Alias names for Instance and CA while creating certificates.

Thanks
Tushar Nemade

Topic		Replies	Views
SSL Communication Client and Cluster Error Elasticsearch	7	860	March 22, 2018
Trusting remote clusters' CA Elasticsearch elastic-stack-security	4	440	March 27, 2023
Cross Cluster Search locally Elastic Training ccs-cross-cluster-search	3	790	February 20, 2020
Need help in - TLS in elastic cluster settings Elasticsearch elastic-stack-security	2	586	December 30, 2018
Xpack clarification Elasticsearch elastic-stack-security	2	350	August 1, 2019

Elasticsearch Cross Cluster Search Implementation

Related topics