Setting up HTTPS for Elasticsearch 7.1

Hello,

It looks like the basic elastic license allows encrypted communications as listed here - https://www.elastic.co/subscriptions but the documentation says security is only available as a part of x-pack (https://www.elastic.co/guide/en/elastic-stack-overview/current/elasticsearch-security.html).
Is the basic license enough for just SSL support? I am not looking at RBAC or anything else.

Regards,

1 Like

Yes, see the first link for what is included in a Basic license.

For clarity, the basic license is part of X-Pack.

Our product features are separated into Open Source and X-Pack.
Some of X-Pack (like TLS, Native Authentication, and RBAC) is free on a basic license, and some of X-Pack requires a paid license.

Thanks!

hi @Krushna_Bagde,
are you so kind to give us some details about how you configure elasticsearch.yml to manage https on elasticsearch url?
How do you create certificate chain?
thanks in advance

There is documentation here:

Are you running into a particular problem?

@TimV thanks for the link
I'm working with the 6.8 version so i read the same info about this versioning
I have errors as kibana and logstash try to connect to elasticsearch in https.

Till now i'm just configure basic authentication and it's working fine, but i don't understand how create the working certificate that i will write in these lines on elastic.yml:
( I choose pem certificates)

xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: /home/es/config/node01.key
xpack.security.http.ssl.certificate: /home/es/config/node01.crt
xpack.security.http.ssl.certificate_authorities: [ "/home/es/config/ca.crt" ]

Can i use the same certificate on the three nodes elastic cluster?
Which are the correct commands to create it?
Maybe do I have to use the same certificate indicated in this elasticsearch.yml lines?

xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

( I know these are for communication between nodes and this part it's working fine because i check with GET _cat/nodes )

thanks for your attention

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.