Hardening Elasticsearch using a certificate from Sectigo


Due to auditing requirements, it is necessary to encrypt all connections between the application and the Elasticsearch cluster. After a little googling, I realized that the Elasticsearch cluster protection looks like this:

  1. Enable x-pack: true in elasticsearch.yml
  2. Generate a CA
  3. Copy the CA to each node in the cluster
  4. Generate a certificate for each node (by signing it using the generated CA in paragraph 2)

In this case, we will have a secure connection ONLY between the nodes in the cluster (on port 9300): inter-node TLS.

I have purchased an SSL certificate, and the certificate files look like this: STAR_rem-masters_com.ca-bundle and star_rem_masters_com_certificate.crt

(I bought these certificates from Sectigo.) Now the question is how these certificates can be used for inter-node SSL and client-server (application > Elasticsearch), because in all examples they use self-signed certificates that are generated using elasticsearch-certutil.


Have you checked the documentation?

Set up basic security for the Elastic Stack plus secured HTTPS traffic

It refers to the scenario you mean.


server.ssl.certificate: $KBN_PATH_CONF/kibana-server.crt
server.ssl.key: $KBN_PATH_CONF/kibana-server.key

Hope it helps.


Is this configured in elasticsearch.yml?
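
An added example, not part of the original thread or of Elastic's documentation: one way the purchased PEM files from the question could be referenced in elasticsearch.yml for both HTTPS and inter-node TLS. The certs/ directory and the private key file name are assumptions (the key file is not named in the thread).

```yaml
# elasticsearch.yml (added example; paths are relative to the Elasticsearch config directory)
# ASSUMPTION: the files were copied into config/certs/ on every node.
# ASSUMPTION: PLACEHOLDER_private.key is the private key that belongs to the
#             purchased certificate; its real name is not given in the thread.

xpack.security.enabled: true

# --- Client -> Elasticsearch (HTTPS, default port 9200) ---
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: certs/PLACEHOLDER_private.key
xpack.security.http.ssl.certificate: certs/star_rem_masters_com_certificate.crt
xpack.security.http.ssl.certificate_authorities: [ "certs/STAR_rem-masters_com.ca-bundle" ]

# --- Node <-> node (transport, port 9300) ---
xpack.security.transport.ssl.enabled: true
# "full" checks the certificate chain AND that the peer's hostname matches
# the certificate. With a wildcard certificate this means nodes must
# address each other by names the wildcard covers, not by bare IP addresses.
xpack.security.transport.ssl.verification_mode: full
xpack.security.transport.ssl.key: certs/PLACEHOLDER_private.key
xpack.security.transport.ssl.certificate: certs/star_rem_masters_com_certificate.crt
# Caveat: every certificate that chains to the CAs listed here passes the
# chain check. A commercial CA bundle therefore trusts far more certificates
# than a private CA created only for this cluster, which is why the
# elasticsearch-certutil CA from the steps in the question is the tighter
# choice for the transport layer, with the purchased certificate kept for HTTPS.
xpack.security.transport.ssl.certificate_authorities: [ "certs/STAR_rem-masters_com.ca-bundle" ]

# If the private key is passphrase-protected, store the passphrase in the
# Elasticsearch keystore rather than in this file, under
#   xpack.security.http.ssl.secure_key_passphrase
#   xpack.security.transport.ssl.secure_key_passphrase
```

For transport TLS, a certificate that carries an Extended Key Usage extension must allow both server and client authentication, because each node acts as both when connecting to its peers.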
