Hardening elasticsearch using certificate from sectigo

xalastoi · August 3, 2022, 11:10am

0

Due to auditing requirements, it is necessary to encrypt all connections between the application and the elasticsearch cluster after a little googling, I realized that the elasticsearch cluster protection looks like this

Enable x-pack: true in elasticsearch.yml
generate CA
copy the CA to each node in the cluster
generate a certificate for each node (by signing it using the generated CA in paragraph 2) in this case, we will have a secure connection ONLY between the nodes in the cluster (on port 9300) inter-node tls

I have purchased an SSL certificate and the certificate files look like this STAR_rem-masters_com.ca-bundle star_rem_masters_com_certificate.crt

(I bought these certificates from sectigo) Now the question is how can these certificates be used for inter-node ssl and client-server ( application > elasticsearch ) because in all examples they use self-signed certificates that are generated using elasticsearch-certutil

79g · August 3, 2022, 11:18am

Hello,

have you checked the documentation?

Set up basic security for the Elastic Stack plus secured HTTPS traffic

It refers to the scenario you mean.

See:

server.ssl.certificate: $KBN_PATH_CONF/kibana-server.crt
server.ssl.key: $KBN_PATH_CONF/kibana-server.key

Hope it helps.

xalastoi · August 3, 2022, 11:43am

is this configured in elasticsearch.yml?

79g · August 3, 2022, 11:47am

system · August 31, 2022, 11:47am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.