I have two scenarios and would like a solution for both.
- I created a new cluster (8.6.X) with the self-generated certificates and enrolling new nodes. After that, I want to create a separate cluster, but I'd like to have it as a remote cluster. Without creating a ton of new certificates, copying those all over the world, how can I make the two clusters trust each other? I tried to change the transport xpack settings like this, but it didn't work (duh):
# Enable encryption and mutual authentication between cluster nodes xpack.security.transport.ssl: enabled: true verification_mode: certificate keystore.path: certs/transport.p12 # truststore.path: certs/transport.p12 certificate_authorities: ["certs/http_ca.crt","certs/http_ca_remote.crt"]
- I have a cluster with certificates I generated myself without the ES tool (20+ nodes) and a new cluster with the automatically generated certificates. I have to connect the old cluster as a remote cluster until I can age out data (100TB+) and would like to avoid generating new certificates since the setup gets a lot less complicated if I can use the auto-generated certs. What can I do?