TLS configuration

Note: My version of Elasticsearch is 7.15.0


I'm new to Elasticsearch. I'm trying to use Kibana alerts; to do that I must create a Rule and a Connector, but when I selected that field I was informed that I must enable Transport Layer Security and API keys. To do so I followed the Elastic TLS guide instructions, which describe these steps:

Encrypt internode communications with TLS:

1. Open the $ES_PATH_CONF/elasticsearch.yml file and make the following changes:
a. Add the cluster-name setting and enter a name for your cluster:

cluster.name: my-cluster

b. Add the node.name setting and enter a name for the node. The node name defaults to the hostname of the machine when Elasticsearch starts.

node.name: node-1

c. Add the following settings to enable inter-node communication and provide access to the node’s certificate.
Because you are using the same elastic-certificates.p12 file on every node in your cluster, set the verification mode to certificate:

xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate 
xpack.security.transport.ssl.client_authentication: required
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

Since the elastic-certificates are not generated automatically during the installation of the software, they must be generated by elasticsearch-certutil inside the /usr/share/elasticsearch/bin directory:

a. First:

cd /usr/share/elasticsearch/bin

b. Run elasticsearch-certutil to generate the elastic-stack-ca.zip certificate file:

 bin/elasticsearch-certutil ca

c. Unzip the file to extract all the information and move it to the /etc/elasticsearch directory.

unzip elastic-stack-ca.zip

Now the problem occurs when starting the Elasticsearch service:

sudo service elasticsearch restart 

Job for elasticsearch.service failed because the control process exited with error code. See "systemctl status elasticsearch.service" and "journalctl -xe" for details.

I tried to see where the error is located by running these two control commands, but I did not understand.

Your best bet is to have a look at the Elasticsearch log output.
That should tell you what went wrong.

I changed the permissions of elastic-certificates.p12.
I have no error now, but after restarting Elasticsearch I found the same message:

You must enable Transport Layer Security and API keys

Why didn't that configuration work? It is the same as without it in the first place.
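An added example, not part of the thread and not Elastic's own tooling: a preflight check that reads elasticsearch.yml and reports, per layer, whether TLS is enabled and whether the keystore it names is readable. It covers the HTTP layer as well as the transport layer because in Elasticsearch 7.x the API key service (`xpack.security.authc.api_key.enabled`) defaults to enabled only when `xpack.security.http.ssl.enabled` is true. The function names, the sample configuration and the placeholder keystore file are constructed for illustration, and the parser assumes flat dotted keys as in the settings quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): preflight check of elasticsearch.yml.
# Assumes flat dotted "key: value" settings, as in the configuration quoted above.

# Print the last uncommented value of setting $1 in file $2 (empty if absent).
yml_get() {
  local key
  key=$(printf '%s' "$1" | sed 's/\./\\./g')   # match the dots in the key literally
  sed -n "s/^[[:space:]]*${key}:[[:space:]]*//p" "$2" | sed 's/[[:space:]]*$//' | tail -n 1
}

# check_es_tls <elasticsearch.yml> <config dir>: list what is missing; return 1 if anything is.
check_es_tls() {
  local yml="$1" confdir="$2" rc=0 layer ks
  for layer in transport http; do
    if [ "$(yml_get "xpack.security.$layer.ssl.enabled" "$yml")" != "true" ]; then
      echo "MISSING: xpack.security.$layer.ssl.enabled: true"; rc=1; continue
    fi
    ks=$(yml_get "xpack.security.$layer.ssl.keystore.path" "$yml")
    if [ -z "$ks" ]; then
      echo "MISSING: xpack.security.$layer.ssl.keystore.path"; rc=1; continue
    fi
    case $ks in /*) ;; *) ks="$confdir/$ks" ;; esac  # relative paths resolve against the config dir
    [ -r "$ks" ] || { echo "UNREADABLE: $ks ($layer keystore)"; rc=1; }
  done
  # API keys can also be switched off explicitly, even with HTTP TLS enabled.
  if [ "$(yml_get xpack.security.authc.api_key.enabled "$yml")" = "false" ]; then
    echo "DISABLED: xpack.security.authc.api_key.enabled"; rc=1
  fi
  return $rc
}

# Constructed sample: the transport-only settings from the thread, with an empty
# placeholder file standing in for elastic-certificates.p12.
demo() {
  local d rc
  d=$(mktemp -d)
  printf '%s\n' 'xpack.security.transport.ssl.enabled: true' \
    'xpack.security.transport.ssl.keystore.path: elastic-certificates.p12' > "$d/elasticsearch.yml"
  : > "$d/elastic-certificates.p12"
  check_es_tls "$d/elasticsearch.yml" "$d"; rc=$?
  rm -rf "$d"
  return $rc
}
demo || true
```

The readability test applies to whichever account runs the script, so run it as the account the Elasticsearch service uses to catch keystore permission problems.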
