I am trying to follow Tutorial 2: Securing a self-managed Elastic Stack and in step 3.1 there is a place that asks for hostnames and the IP addresses that will be used to connect to my cluster. So assuming i have 3 VMs named node-1, node-2, node-3 and respectively with IP addresses 192.168.10.1, 192.168.10.2, 192.168.10.3 how should i set up each of 3 nodes certificate? should each time that i am asked, for each node's certificate, only provide a pair of name and ip for example
node-1
192.168.10.1
for nod-1 certificate and then
node-2
192.168.10.2
for node-2 certificate? Or each time i should provide all 3 of them for each 3 certificates, like
node-1
node-2
node-3
192.168.10.1
192.168.10.2
192.168.10.3
each time that i am asked for all the cluster hostnames and IPs?
It's up to you. Your company might have policies about how certificates are supposed to be created and managed, and Elasticsearch can be configured to work in different ways and fit into most policies.
If it were me, and I had freedom to choose how to do it, then I would generate a single certificate that has the hostnames & IP addresses for each of the nodes (assuming a small number of nodes, such as your example of 3 - this wouldn't work as well with 100 nodes).
Then you just have 1 key-pair (a certificate & private key) and to manage and you can just copy it to each node and configure them all identically.
It's totally fine to generate a separate certificate for each node, and have separate sets of hostnames & IP addresses in each one, but it's not what I would choose to do - it's more stuff to manage for no tangible benefit.