Hi all, I have set up two of the three security layers of Elasticsearch. I am now trying to implement HTTPS, and after speaking to our in-house infrastructure, they can't offer us "Sign certificates with a central CA" on our domain. However, they can give us a signed SSL certificate from a third party (with ca file etc.. if required). Is there a way I can implement a third-party certificate, or is the only option we have remaining to sign our certificates?
thank you.
On the HTTP layer, it's totally fine to use any SSL certificate and CA that make sense to your organisation. Just be sure you need both the signed certificate and the associated private key for configuring HTTPS.
@Yang_Wang - Thank you for getting back to me.
Do you have a list of steps required to apply a third party SSl / privatekey?
Regards, Alan
Do you mean "steps of applying for cert/private key from a 3rd party provider" or "apply the certs and private keys from the 3rd party to a ES cluster"?
I cannot help with the former because it is outside of ES.
For the later, you just need configure relevant settings to the cert and key file(s). This guide for setting up basic security and HTTPs can still be helpful. Just skip all parts about generating your own cert/key.
@Yang_Wang - thank you for your help. I've got it working
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.