Security enabled for all communications to an Elasticsearch cluster including communications from application servers

I am using spring-boot 2.1.6.RELEASE and elasticsearch-rest-high-level-client 7.4.2 . At present
I am working on enabling security for all communication to an Elasrticsearch including communication to/from my application. My application runs on HTTPS.

So think, in Elastic search, I need to secure two-level of communication,

  • Transport communications (Elasticsearch Internal communication)
  • HTTP communications. (Elastic search communication with my Application)

For securing Transport communication, I created a certificate authority for the Elasticsearch cluster using the elasticsearch-certutil ca command and it generates the single output file elastic-stack-ca.p12. In my spring-boot application, I am creating a high-level REST client with x-pack + TLS using this example and it's working absolutely fine.

  1. What do I need to secure the HTTP communication?
  2. Should I create a high-level REST' client using the certificates that I created using elasticsearch-certutil or using the certificate that I created to enable SSL (HTTPS) support for my Spring Boot application? or should I need both the certificates while creating high-level REST' client in my code
  3. Can't I use a single certificate for both i.e. for my application and for elastic search to enable SSL (HTTPS) support?

Have you seen our documentation : ?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.