SSL Certificates used in ELK stack


I am a rookie, getting started with Elasticsearch, and have a question regarding the SSL certificates used in the ELK stack.
From what I've read in the guides, an SSL certificate is needed for Kibana, but for Elasticsearch I am unsure which SANs are needed. In this topic it is said that it needs to have the node hostnames and not a single URL (like for typical web applications). This would mean that when new nodes are added the certificate needs to be re-issued, and I would like to avoid that.
I also wanted to know to what extent F5 load balancing can be used. I read that there is also a coordinator role, which is a bit like a load balancer. So can F5 be used for Kibana load balancing, and what about the ingestion? (It is also documented that it needs to be pointed to a master node.)
As a start, I plan to build a 3-node cluster with master and data roles.

Hello @vladtepes,

I am just starting with SSL with Elasticsearch so I am by no means an expert.

I have set up my own CA and plan to use a wildcard cert for * That way I can use the same SSL certs for the whole cluster and add nodes as I like. That is the plan, not fully tested yet...

How do you put data into Elasticsearch? If you use Logstash or Filebeat, they offer load-balancing for writing to Elasticsearch. For Kibana, you can put a load-balancer in front, like most other web services. I use Nginx in front of Kibana. Nginx does the SSL termination and the group of Kibana instances is listed as HTTP backends/upstreams.
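
The layout described in the reply above (Nginx terminating TLS in front of several Kibana instances), sketched as an added example that is not part of the original post or the poster's own configuration. The hostnames and certificate paths are placeholders; 5601 is Kibana's default port, and the blocks belong inside the `http {}` context.

```nginx
# Added example: hostnames and file paths below are placeholders (assumptions).
upstream kibana_backends {
    # Kibana instances, reached over plain HTTP on Kibana's default port
    server kibana1.example.internal:5601;
    server kibana2.example.internal:5601;
}

# Redirect plain HTTP so credentials and session cookies never cross in clear text
server {
    listen 80;
    server_name kibana.example.internal;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name kibana.example.internal;

    # The certificate only needs the single front-end name as its SAN,
    # because browsers never connect to the Kibana hosts directly.
    ssl_certificate     /etc/nginx/tls/kibana.example.internal.crt;
    ssl_certificate_key /etc/nginx/tls/kibana.example.internal.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://kibana_backends;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

With TLS terminated at the proxy, traffic between Nginx and the Kibana backends is unencrypted, so that hop should stay on a trusted network segment, or Kibana should be configured with its own certificate and the upstream switched to HTTPS.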

Unfortunately a wildcard certificate is not an option in our environment. I do plan to use Logstash and Filebeat.
So then only Kibana can be load-balanced using F5, it seems.
