Question about certificates and auto-generating configuration

Hello everyone!

I have some questions regarding the certificates used when deploying Elasticsearch.

Elasticsearch auto-generates certificates for HTTP and transport, which work out of the box; however, from my understanding, they are self-signed, which can cause problems with, for example, Elastic Agents needing the --insecure parameter to enroll.

With this in mind, I configured my own certificates for the HTTP layer, gave them to Kibana, and everything is working fine. However, I want to add more Elasticsearch nodes, so I tried to use the elasticsearch-create-enrollment-token command, which gave the error:

ERROR: Unable to create an enrollment token. Elasticsearch node HTTP layer SSL configuration is not configured with a keystore, with exit code 73

I quickly realized this is because I'm not using the auto-generated certificates. So my questions are the following:

  1. What is the best way to add nodes when using my own certificates?
  2. Is there a way to use my trusted certificates while keeping the enrollment token option?
  3. Is using your own certificates the only way for Elastic Agents to trust the certificates?

Thanks in advance!