Elasticsearch Shield SSL Certificates


(Radap) #1

Hi guys!
I`m using elastic 2.2.0 with shield 2.2, 10 nodes cluster. I need to enable ssl in Elastic for Kibana to work with shield and I got troubled on the certification signing part.

I do not have a wild card certificate so I cant sign just one csr in node and copy it to all other nodes, I tried to use letsencrypt (with the elastic tutorial) and sign a certificate with common name of node1 and alternative names of node2-10 and copy it to all other nodes (of course I firstly created domains for all 10 servers and pointed it to node1, sign the csr, then pointed all the 9 to the right server), it didn't work and I got a lot of "bed certificate" exceptions in the nodes log.

As I said, I need ssl for kibana to work with shield, and for secure connections in general, and I planning to add some more nodes to the cluster...
How can I manage to do so?
What would be the best architecture for that purpose?


(system) #2