Having issues with elasticsearch encryption

Elastic Stack Elasticsearch
1

I'm trying to enable encryption for elasticsearch cluster (3 nodes) and was able to do tls and http. when I turn on the xpack.security.enabled: true one node is asking for the authentication and other is not. License type is basic. Are there any additional steps I need to follow? Elasticsearch version I'm currently using is 6.5.1.
When I try to Access https://node1:9200/_xpack/security/_authenticate?pretty asks me for authentication and other node displays below message

{
"error" : {
"root_cause" : [
{
"type" : "security_exception",
"reason" : "current license is non-compliant for [security]",
"license.expired.feature" : "security"
}
],
"type" : "security_exception",
"reason" : "current license is non-compliant for [security]",
"license.expired.feature" : "security"
},
"status" : 403
}

Please help me in getting this resolved.

2

The basic license includes security in 6.8.x and all versions from 7.1.0 onwards, but not in 6.5.1. The simplest fix is to upgrade.

3

David, Thanks for the quick response. another quick question, will transport ssl and http ssl come under the same security? or will these features still work without enabling xpack security?

4

I vaguely remember that using TLS on the network is independent of whether security is enabled, but I'm not sure of the details.

5

Ok. Is there documents we can follow or find the security features included in version 6.5.1?

6

Maybe https://www.elastic.co/guide/en/elasticsearch/reference/6.5/ssl-tls.html although I think these docs assume you're using all of security rather than just TLS so you might encounter problems. An upgrade is recommended, the 6.5.x series reaches the end of its supported life in just over a month.

7

Thanks for information @DavidTurner

8

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.