TSL configuration

SabriMahmoud · November 6, 2021, 7:57pm

Note : My version of Elasticsearch is 7.15.0

I'm new to Elasticsearch , I'm trying to use Kibana alerts , to do that I must create a Rule and a Connector but when I've selected that field I've been got informed to enable Transport Layer Security and API keys to do so I followed the Elastic TSL guide instructions where the instructor describe these steps :

Encrypt internode communications with TLS :

1. Open the $ES_PATH_CONF/elasticsearch.yml file and make the following changes:
a. Add the cluster-name setting and enter a name for your cluster:

cluster.name: my-cluster

b. Add the node.name setting and enter a name for the node. The node name defaults to the host-name of the machine when Elasticsearch starts.

node.name: node-1

c. Add the following settings to enable inter-node communication and provide access to the node’s certificate.
Because you are using the same elastic-certificates.p12 file on every node in your cluster, set the verification mode to certificate:

xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate 
xpack.security.transport.ssl.client_authentication: required
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

Since the elastic-certificates are not generated automatically during the installation of the Software it must be generated by the elasticsearch-certutil inside the /usr/share/elasticsearch/bin directory :

a. First :

cd /usr/share/elasticsearch/bin

b. run the elastic-certutil to generate the elastic-stack-ca.zip certificate file :

 bin/elasticsearch-certutil ca

c. unzip the file to exract the all information and move them to the /etc/elasticsearch directory .

unzip elastic-stack-ca.zip

Now the problem occurs when starting the elasticsearch service :

sudo service elasticsearch restart

Job for elasticsearch.service failed because the control process exited with error code. See "systemctl status elasticsearch.service" and "journalctl -xe" for details.

I tried to see where the error is located by running these two control commands but I did not understand .

TimV · November 8, 2021, 7:13am

Your best bet is to have a look at the Elasticsearch log output.
That should tell you what went wrong.

SabriMahmoud · November 8, 2021, 3:06pm

I did changed the permission of the elastic-certificates.p12
I have no error now but after restarting Elasticsearch I found the same message :

You must enable Transport Layer Security and API keys

why that configuration didn't work ? it is as like as without it at the first place .

system · December 6, 2021, 3:07pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
[KIBANA][Rules and Connectors] You must enable Transport Layer Security Kibana elastic-stack-security , elastic-stack-alerting	5	2045	September 14, 2021
How to generate certificate to enable alerting in Kibana? Kibana elastic-stack-security	4	518	December 18, 2020
TLS Between Elastic & Kibana…Alerts Not Working Kibana elastic-stack-security , elastic-stack-alerting	13	2692	May 7, 2021
Setting for alerts in elk Kibana	2	204	June 29, 2021
Enable Alerts and Actions Kibana elastic-stack-security , elastic-stack-alerting	17	2550	March 10, 2021

TSL configuration

You must enable Transport Layer Security and API keys

Related topics