Using Xpack Transport client for multiple nodes with certificate/key

I have 3 Elasticsearch nodes each configured with X-Pack including keys and certificates for https connections. The certificates and keys are different per node, the certificate authority (ca.crt) is the same.

How can I set up a security transport client using Java? I can add a connection for each node on the client but I can only provide one settings object. Since I have 3 keys/certificates, which one should I pass to the settings object?

The SSL key (and cert) you provide in TransportClient is a key for the client, not a key for the nodes.

The SSL key is private information, you should be protecting it quite tightly, and never pass it out to clients.

For Transport Client you have 2 options:

Thanks for the reply. Could you please explain how to create a cert+key pair for the client using a ca? Is it also through the X-Pack certgen tool?


You can use elasticsearch-certutil for this, it's documentation is available here . See specifically the cert mode

That said, you can use any other tooling that you want also ( i.e. openssl ) if it's more convenient for you.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.