I have a 3 node cluster. I generated elastic-stack-ca.p12 in one node, gave pass phrase, and copied it to all other nodes. Then I generated elastic-certificates.p12 in every node using the other elastic-stack-ca.p12 file. Then I copied elastic-stack-ca.p12 to config directory and created a certs inside that for elastic-certificates.p12. I believe I have completed step 1.
For step 2, I gave the below configurations in kibana.yml
I started kibana, and presented the login page, and the credentials works just fine. Now, as per the documentation, i was doing step 2, to Enable TLS on the HTTP layer in Elasticsearch . Now I have one Kibana node and 3 elasticsearch nodes. What all steps do I need to perform to generate certificates to integrate it with Kibana, so that I can proceed with alerting?
Actually, since you already generated certificates to encrypt communications between your cluster nodes on the transport layer, you can use the same certificates on the HTTP layer!
In each of your cluster nodes, add this to your elasticsearch.yml:
The Elasticsearch API key service is automatically enabled when you configure TLS on the HTTP interface. This ensures that clients are unable to send API keys in clear-text.
So you don't need to take any additional steps to enable the API key service once you've enabled TLS on the HTTP layer.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.