Puzzled about message: Configuring TLS will be required to apply a Gold or Platinum license when security is enabled


I am trying Elasticsearch and Kibana 6.2.4 with X-Pack. I have successfully configured TLS at all levels (node, kibana to cluster, browser to Kibana).

I am puzzled by the cluster alert that remains visible in Kibana:
"Configuring TLS will be required to apply a Gold or Platinum license when security is enabled."

Is this something that will disappear once I installed our Platinum license, or is there anything else I need to do, i.e. the alert is really relevant?

Many thanks in advance.


You should be only getting this message if you are one a trial license with X-Pack security enabled and have not enabled TLS on the transport layer of Elasticsearch. It means that when you move to a Gold or Platinum license, TLS for transport layer will be required

Does the node part above indicate transport TLS ? Can you share the relevant part of the config ?

Thanks for your response. As a matter of fact, all nodes of the cluster use TLS, hence my surprised. Please find elasticsearch.yml file:

cluster.name: eLABsticsearch
node.name: elastic01

node.data: True
node.master: True
node.ingest: True
node.ml: False
search.remote.connect: false

path.data: /var/lib/elasticsearch
path.logs: /var/log/elasticsearch

http.port: 9200

discovery.zen.ping.unicast.hosts: ["","",""]
discovery.zen.minimum_master_nodes: 2

xpack.security.transport.ssl.verification_mode: full
xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/elastic01.p12
xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/elastic01.p12

xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: /etc/elasticsearch/elastic01.p12
xpack.security.http.ssl.truststore.path: /etc/elasticsearch/elastic01.p12

OK I think I figured... It was stupid on my side. I forgot to add:

xpack.security.transport.ssl.enabled: true

To my config. Thanks for your help

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.