Using Xpack Transport client for multiple nodes with certificate/key

I have 3 Elasticsearch nodes each configured with X-Pack including keys and certificates for https connections. The certificates and keys are different per node, the certificate authority (ca.crt) is the same.

How can I set up a security transport client using Java? I can add a connection for each node on the client but I can only provide one settings object. Since I have 3 keys/certificates, which one should I pass to the settings object?

The SSL key (and cert) you provide in TransportClient is a key for the client, not a key for the nodes.

The SSL key is private information, you should be protecting it quite tightly, and never pass it out to clients.

For Transport Client you have 2 options:

Thanks for the reply. Could you please explain how to create a cert+key pair for the client using a CA? Is it also through the X-Pack certgen tool?

Hi,

You can use elasticsearch-certutil for this; its documentation is available here. See specifically the cert mode.

That said, you can also use any other tooling that you want (i.e. openssl) if it's more convenient for you.
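
The openssl route mentioned in the reply above, sketched as an added example that is not part of the original thread: it issues a dedicated client key and certificate from a CA and checks the result. The function names, file names and subject names are hypothetical, and the CA generated here is a throwaway stand-in for the cluster's real `ca.crt` and its key.

```shell
#!/usr/bin/env bash
# Added example: issue a client certificate from a CA with openssl.
# All file names and subject names are placeholders.

# make_client_cert WORKDIR CLIENT_NAME
# Writes client.key and client.crt into WORKDIR, signed by WORKDIR/ca.crt.
make_client_cert() {
  local dir="$1" name="$2"
  mkdir -p "$dir" || return 1
  (
    cd "$dir" || exit 1
    umask 077   # private keys readable by their owner only

    # Constructed stand-in CA so the example runs offline. With a real
    # cluster, place the existing CA cert and key here and this is skipped.
    if [ ! -f ca.key ]; then
      openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example Test CA" -keyout ca.key -out ca.crt 2>/dev/null || exit 1
    fi

    # Fresh key and CSR for the client; no node key is reused or copied.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$name" \
      -keyout client.key -out client.csr 2>/dev/null || exit 1

    # Sign the CSR with the CA, restricting the cert to TLS client auth.
    printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=clientAuth\n' > client.ext
    openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key \
      -CAcreateserial -days 30 -sha256 -extfile client.ext \
      -out client.crt 2>/dev/null || exit 1
    rm -f client.csr client.ext
  )
}

# client_cert_ok WORKDIR
# Succeeds only if client.crt chains to ca.crt and matches client.key.
client_cert_ok() {
  local dir="$1"
  openssl verify -CAfile "$dir/ca.crt" "$dir/client.crt" >/dev/null 2>&1 || return 1
  [ "$(openssl x509 -in "$dir/client.crt" -noout -pubkey)" = \
    "$(openssl pkey -in "$dir/client.key" -pubout)" ]
}
```

Only `client.key`, `client.crt` and the shared `ca.crt` need to reach the client machine; the CA key and the per-node keys stay where they are.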
