Encryption in transit is done by configuring Elasticsearch to use TLS on both the transport and HTTP endpoints.
The documentation for it starts here, and there are also plenty of posts already on the forum about it.
Encryption at rest is not done by Elasticsearch, but by the operating system, as explained in this post. On Linux you normally just enable dm-crypt on your server.
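A check for the "both the transport and http endpoints" point above, as an added example that is not part of the original post: it reads `elasticsearch.yml` text in either flat or nested style and reports whether TLS is enabled on each layer. The setting names `xpack.security.transport.ssl.enabled` and `xpack.security.http.ssl.enabled` are assumed from recent Elasticsearch versions (they do not appear in the post), a missing setting is treated as disabled, and both sample configs are constructed.

```python
import re

# Assumed setting names (recent Elasticsearch versions; not from the post).
TLS_SETTINGS = {
    "transport": "xpack.security.transport.ssl.enabled",
    "http": "xpack.security.http.ssl.enabled",
}

def flatten_settings(text):
    """Flatten elasticsearch.yml text (flat or nested keys) to {dotted.key: value}."""
    settings, stack = {}, []  # stack: (indent, key) of open parent mappings
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).rstrip()  # drop comments
        m = re.match(r"^( *)([^\s:#-][^:]*):\s*(.*)$", line)
        if not m:
            continue  # blank line, list item, or not a key/value line
        indent, key, value = len(m.group(1)), m.group(2).strip(), m.group(3)
        while stack and stack[-1][0] >= indent:
            stack.pop()  # leave mappings that ended at this indent
        dotted = ".".join([k for _, k in stack] + [key])
        if value:
            settings[dotted] = value.strip("'\"")
        else:
            stack.append((indent, key))  # key opens a nested mapping
    return settings

def audit_tls(text):
    """Return {layer: bool}; a missing setting counts as disabled (assumption)."""
    settings = flatten_settings(text)
    return {layer: settings.get(name, "false").lower() == "true"
            for layer, name in TLS_SETTINGS.items()}

# Constructed sample: flat style, TLS on the transport layer only.
TRANSPORT_ONLY = """\
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true   # node-to-node
"""

# Constructed sample: nested style, TLS on both layers.
BOTH_LAYERS = """\
xpack:
  security:
    transport.ssl.enabled: true
    http:
      ssl:
        enabled: "true"
"""

if __name__ == "__main__":
    print(audit_tls(TRANSPORT_ONLY), audit_tls(BOTH_LAYERS))
```

A result with `http` set to `False` means client traffic to the REST API is still unencrypted even though node-to-node traffic is protected.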