Setting up Xpack security - stuck

Hello everyone,

I recently setup a 3 server cluster of Elasticsearch, 2 server cluster of Logstash, and 1 Kibana server. Before I attempted to turn on https and xpack everything worked like a charm. I know I am getting confused around the certificates and CAs aspect.

I tried to make a CA on the master elasticsearch server and create keys to be used. For SSL I tried to create a wild card cert/chain to use on all of the servers using our domain CA.

We have our own CA and I am not really sure the best way to setup this all up. I would like to use our domain CA for as much as possible.

Below is what I have setup in the .yml file in elasticsearch:

#http.host: 0.0.0.0 # accept request from remote
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.key: certs/elasticsearch01.key
xpack.security.transport.ssl.certificate: certs/elasticsearch01.crt
xpack.security.transport.ssl.certificate_authorities: [ "/etc/elasticsearch/certs/ca.crt" ]

xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: certs/http.key
xpack.security.http.ssl.certificate: certs/http.crt
xpack.security.http.ssl.certificate_authorities: [ "/etc/elasticsearch/certs/cachaincertificate.crt" ]
xpack.security.http.ssl.client_authentication: optional

http.cors.enabled: true
http.cors.allow-origin: "https://website.com"
http.cors.allow-methods : OPTIONS, HEAD, GET, POST, PUT, DELETE
http.cors.allow-headers : Authorization, X-Requested-With,X-Auth-Token,Content-Type, Content-Length

I have changed the name of some of the certs/website.

Hi ,

Is there a specific question we can help you with ? What is the problem / error you are getting with the configuration you tried ?