How should I configure TLS?

I don't know how to set up a certificate to connect Winlogbeat to Elasticsearch via https.

What should I do to create a PEM file from the CA (http.p12) created at initial startup?

I don't understand what is required in the following steps.

Connect clients to Elasticsearchedit
When you start Elasticsearch for the first time, TLS is configured automatically for the HTTP layer. A CA certificate is generated and stored on disk at:

The hex-encoded SHA-256 fingerprint of this certificate is also output to the terminal. Any clients that connect to Elasticsearch, such as the Elasticsearch Clients, Beats, standalone Elastic Agents, and Logstash must validate that they trust the certificate that Elasticsearch uses for HTTPS. Fleet Server and Fleet-managed Elastic Agents are automatically configured to trust the CA certificate. Other clients can establish trust by using either the fingerprint of the CA certificate or the CA certificate itself.

If the auto-configuration process already completed, you can still obtain the fingerprint of the security certificate. You can also copy the CA certificate to your machine and configure your client to use it.


Follow these instructions:


a) Copy /etc/elasticsearch/certs/http_ca.crt to each winlogbeat host and then reference that copy in this setting (and yes that http_ca.crt is a .pem

output.elasticsearch.ssl.certificate_authorities: ["/etc/client/http_ca.crt"]

b) Generate the SHA-256 fingerprint with the instructions that you referenced above and set that with

openssl x509 -fingerprint -sha256 -noout -in /etc/elasticsearch/certs/http_ca.crt | awk --field-separator="=" '{print $2}' | sed 's/://g'

output.elasticsearch.ssl.ca_trusted_fingerprint: "thereallylongfingerprintfromthecommandabove

c) Not recommended set

output.elasticsearch.ssl.verification_mode: none

1 Like

Thanks to you, this problem was solved

Hi @Hamada
What was your solution... It may help others.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.