Hello,
I want to use my own CA certificate in enrolling elastic nodes in the same cluster.
What are the steps to follow?
Thanks.
you create your own CA using command
/usr/share/Elasticsearch/bin/Elasticsearch-certutil cert cert --ca elastic-stack-ca.p12 --days <#days>
mkdir /etc/ealsticsearch/config
move newly created certificate to that location
cp /usr/share/Elasticsearch/elastic-stack-ca.p12 /etc/Elasticsearch/config/
make sure that certificate is own by user Elasticsearch.
add these three line in Elasticsearch.conf
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/config/elastic-stack-ca.p12
xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/config/elastic-stack-ca.p12
and you done.
also add same file in to all nodes you have
Hello Sachin,
It worked.
Thanks.