生成certificate 证书
在官方文档中有这么一段
“You can add as many nodes as you want in a cluster but they must be able to communicate with each other. The communication between nodes in a cluster is handled by the transport module. To secure your cluster, you must ensure that internode communications are encrypted and verified, which is achieved with mutual TLS.
In a secured cluster, Elasticsearch nodes use certificates to identify themselves when communicating with other nodes.
The cluster must validate the authenticity of these certificates. The recommended approach is to trust a specific certificate authority (CA). When nodes are added to your cluster they must use a certificate signed by the same CA.
For the transport layer, we recommend using a separate, dedicated CA instead of an existing, possibly shared CA so that node membership is tightly controlled. Use the elasticsearch-certutil
tool to generate a CA for your cluster.”
总结