I have two ES 7.1 clusters with TLS enabled and they are working fine as separate clusters. I am trying to configure cross-cluster search between both clusters. The documentation states:
Enable a trust relationship between the cluster used for performing cross cluster search (the local cluster) and all remote clusters. This can be done either by:
- Using the same certificate authority to generate certificates for all connected clusters, or
- Adding the CA certificate from the local cluster as a trusted CA in each remote cluster (see Transport TLS settings).
I've used elasticsearch-certutil cert
to generate the certs on both clusters.
Can I just copy the cert file from cluster 1 to cluster 2 to satisfy option 1 above ?
If I keep two different certificates for each cluster like I currently have, what will the configuration look like for option 2 ?