ES 7.1 Cross cluster search and TLS

o1o1o11o1 · May 23, 2019, 3:34pm

I have two ES 7.1 clusters with TLS enabled and they are working fine as separate clusters. I am trying to configure cross-cluster search between both clusters. The documentation states:

Enable a trust relationship between the cluster used for performing cross cluster search (the local cluster) and all remote clusters. This can be done either by:

Using the same certificate authority to generate certificates for all connected clusters, or

Adding the CA certificate from the local cluster as a trusted CA in each remote cluster (see Transport TLS settings).

I've used elasticsearch-certutil cert to generate the certs on both clusters.

Can I just copy the cert file from cluster 1 to cluster 2 to satisfy option 1 above ?
If I keep two different certificates for each cluster like I currently have, what will the configuration look like for option 2 ?

TimV · May 24, 2019, 2:13am

Assuming your certs are not tied to a specific IP/DNS name then that should work fine.

If you want to use option 2, then you would need to extract the CA from each cluster and copy it into the PKCS#12 file for the other cluster.
keytool can do that for you.

system · June 21, 2019, 2:13am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.