Hi all, I have set up two of the three security layers of Elasticsearch. I am now trying to implement HTTPS, and after speaking to our in-house infrastructure, they can't offer us "Sign certificates with a central CA" on our domain. However, they can give us a signed SSL certificate from a third party (with ca file etc.. if required). Is there a way I can implement a third-party certificate, or is the only option we have remaining to sign our certificates?
On the HTTP layer, it's totally fine to use any SSL certificate and CA that make sense to your organisation. Just be sure you need both the signed certificate and the associated private key for configuring HTTPS.
@Yang_Wang - Thank you for getting back to me.
Do you have a list of steps required to apply a third party SSl / privatekey?
Do you mean "steps of applying for cert/private key from a 3rd party provider" or "apply the certs and private keys from the 3rd party to a ES cluster"?
I cannot help with the former because it is outside of ES.
For the later, you just need configure relevant settings to the cert and key file(s). This guide for setting up basic security and HTTPs can still be helpful. Just skip all parts about generating your own cert/key.
@Yang_Wang - thank you for your help. I've got it working