1. Generate certificates
elasticsearch-cert
Use PEM format
Generate the root (CA) certificate:
/usr/share/elasticsearch/bin/elasticsearch-certutil ca --days 720 --pem -
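Generate the node certificate. (Because these are virtual machines whose IPs change dynamically, no DNS or IP settings are added when generating the node certificate, so the resulting certificate can be shared by multiple nodes. This works with the certificate verification mode configured in step 2, which checks that the certificate is signed by the CA but does not verify the hostname.)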
/usr/share/elasticsearch/bin/elasticsearch-certutil cert --ca-cert ./ca/ca.crt --ca-key ./ca/ca.key --days 720 --pem -
Copy the certificates to /etc/elasticsearch/x-pack/ on each node
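A check to run on the files from step 1 before distributing them, as an added example that is not part of the original notes. It assumes the openssl CLI is installed; the file names follow the page and the helper function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): sanity-check the PEM files from step 1.
# Requires the openssl CLI. Function names are hypothetical helpers.

# True if the node certificate chains to the CA certificate.
cert_signed_by_ca() {      # cert_signed_by_ca ca.crt instance.crt
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# True if the private key belongs to the certificate (same public key).
key_matches_cert() {       # key_matches_cert instance.crt instance.key
    _pub_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    _pub_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$_pub_cert" ] && [ "$_pub_cert" = "$_pub_key" ]
}

# True if the certificate carries a subjectAltName extension (dns/ip entries).
cert_has_san() {           # cert_has_san instance.crt
    openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'Subject Alternative Name'
}

# True if the certificate stays valid for at least the given number of days.
cert_valid_for_days() {    # cert_valid_for_days instance.crt 30
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Run all checks; returns non-zero if any hard check fails.
check_node_cert() {        # check_node_cert ca.crt instance.crt instance.key
    _rc=0
    cert_signed_by_ca "$1" "$2"  || { echo "FAIL: $2 is not signed by $1"; _rc=1; }
    key_matches_cert "$2" "$3"   || { echo "FAIL: $3 does not match $2"; _rc=1; }
    cert_valid_for_days "$2" 30  || { echo "FAIL: $2 expires within 30 days"; _rc=1; }
    if cert_has_san "$2"; then
        echo "NOTE: $2 has subjectAltName entries, so it is tied to specific hosts"
    else
        # Expected for the shared certificate described on this page.
        echo "NOTE: $2 has no subjectAltName; hostname verification has nothing to match"
    fi
    return "$_rc"
}

# Stand-alone use: ./check.sh ca/ca.crt instance/instance.crt instance/instance.key
if [ "$#" -eq 3 ]; then check_node_cert "$@"; fi
```

Because the same instance.key is copied to every node, running this once against the generated files covers all of them.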
2. TLS configuration between nodes
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.key: /etc/elasticsearch/x-pack/instance.key
xpack.security.transport.ssl.certificate: /etc/elasticsearch/x-pack/instance.crt
xpack.security.transport.ssl.certificate_authorities: [ “/etc/elas