Enabling xpack.security.enabled to true alone was not enough to start the elasticsearch, as it was giving the error, so we have generated the certificates and deployed it to all the nodes of elastic cluster and kibana using the official sites steps:
Our Elasticsearch.yml is like --->
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.verification_mode: certificate
xpack.security.http.ssl.keystore.path: /etc/elasticsearch/elastic-certificates.p12
xpack.security.http.ssl.truststore.path: /etc/elasticsearch/elastic-certificates.p12
#To Enable TLS layer Security
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/elastic-certificates.p12
and our kibana.yml -->
elasticsearch.hosts: ["https://192.168.144.167:9200", "https://192.168.144.177:9200"]
server.ssl.enabled: true
server.ssl.certificate: /etc/kibana/instance/instance.crt
server.ssl.key: /etc/kibana/instance/instance.key
xpack.monitoring.elasticsearch.ssl.verificationMode: certificate
After this we tried setting the ./elasticsearch-setup-passwords interactive --verbose
which gave us error for apm_system user but I guess the password is set for the cluster, but using the same password we are not able to access any node. Do we missed any thing in the step ? and how to resolve this issue now.