Hello everyone,
I recently set up a 3-server cluster of Elasticsearch, a 2-server cluster of Logstash, and 1 Kibana server. Before I attempted to turn on HTTPS and X-Pack, everything worked like a charm. I know I am getting confused around the certificates and CAs aspect.
I tried to make a CA on the master Elasticsearch server and create keys to be used. For SSL I tried to create a wildcard cert/chain to use on all of the servers using our domain CA.
We have our own CA and I am not really sure of the best way to set this all up. I would like to use our domain CA for as much as possible.
Below is what I have set up in the .yml file in Elasticsearch:
#http.host: 0.0.0.0 # accept request from remote
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.key: certs/elasticsearch01.key
xpack.security.transport.ssl.certificate: certs/elasticsearch01.crt
xpack.security.transport.ssl.certificate_authorities: [ "/etc/elasticsearch/certs/ca.crt" ]
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: certs/http.key
xpack.security.http.ssl.certificate: certs/http.crt
xpack.security.http.ssl.certificate_authorities: [ "/etc/elasticsearch/certs/cachaincertificate.crt" ]
xpack.security.http.ssl.client_authentication: optional
http.cors.enabled: true
http.cors.allow-origin: "https://website.com"
http.cors.allow-methods: OPTIONS, HEAD, GET, POST, PUT, DELETE
http.cors.allow-headers: Authorization, X-Requested-With, X-Auth-Token, Content-Type, Content-Length
I have changed the name of some of the certs/website.