Is elasticsearch support subscription required to enable SSL

I would like to secure communication between my client app and elasticsearch. I would also like to do the same for elasticsearch's inter-node communication.

Question: Do I need to purchase elasticsearch's support subscription? The communication between my client app and elasticsearch is done using elasticsearch REST client.

Thanks,
Abhijat

You don't necessarily need to buy a subscription to enable SSL/TLS between nodes, but is much easier to set it up with x-pack, see: https://www.elastic.co/guide/en/x-pack/current/ssl-tls.html

Without a subscription you have to manage it all by yourself, using NGINX as a reverse proxy on every node, and serving the certificates through it.

Thanks @ugosan.

Does the same apply for communication between my client application and elasticsearch?

Referring to the link https://www.elastic.co/subscriptions, I see that x-pack basic license does not seem to support encryption.

It would be the same between client application and elasticsearch, yes.

The basic subscription doesn't support a lot of features, but you might want to take a look at https://cloud.elastic.co which is great - you have access to a Platinum license (with graph, alerts, etc.) for clusters under 64GB RAM.

Right... we will be evaluating elastic cloud but at present I am not there yet. Thus for my self-hosted elasticsearch cluster, do I need the platinum support subscription to enable encryption everywhere? (between nodes and between client and the cluster itself)

Well if you dont need document-level authentication, you might just go with a GOLD subscription and it would be enough.

So, I take two things out of this discussion

  1. I need a support subscription.
  2. I am using ES REST client for communication between my client app and ES cluster, I believe, I will need the platinum subscription because it is the one that provides that support (as far as I understand).

Let me know if I have missed anything.

Both Gold and Platinum offers encryption between Elasticsearch nodes as well as between clients and the cluster. This is covered under Native authentication, encrypted communications in the feature matrix on the subscriptions page.

Thanks @Christian_Dahlqvist

What is "Encryption at rest support" under X-pack for Platinum package then?

That is related to encrypting data when it is stored ('resting') on disk.

Thank you.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.