elasticsearch.yml configuration
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12 # path to the elastic-certificates.p12 file
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12 # path to the elastic-certificates.p12 file
#https
xpack.security.http.ssl.enabled: true
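xpack.security.http.ssl.keystore.path: elastic-certificates.p12 # path to the elastic-certificates.p12 file, enables HTTPS
xpack.security.http.ssl.truststore.path: elastic-certificates.p12 # path to the elastic-certificates.p12 file, enables HTTPS
# The four passwords below are stored in plaintext in this file. The secure_password
# entries added with bin/elasticsearch-keystore are the alternative; use one form per store, not both.
xpack.security.transport.ssl.keystore.password: 123456 # set your own password
xpack.security.transport.ssl.truststore.password: 123456 # set your own password
xpack.security.http.ssl.keystore.password: 123456 # set your own password
xpack.security.http.ssl.truststore.password: 123456 # set your own password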
Generate certificates
bin/elasticsearch-certutil ca
bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
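Generate the CA certificate: bin/elasticsearch-certutil ca produces a new file, elastic-stack-ca.p12. The elasticsearch-certutil command also prompts you for a password to protect the file and key. Keep a copy of this file and remember its password.
Generate a certificate and private key for each node in the cluster: bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12 produces a new file, elastic-certificates.p12. You are prompted for a password again; you can enter a password for the certificate and key, or press Enter to leave it blank. By default elasticsearch-certutil generates certificates with no hostname information, which means the same certificate can be used for every node in the cluster. Hostname verification must also be turned off, which is what verification_mode: certificate in the configuration above does.
It is best to move these two files into the config directory.
Enter the password you set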
bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password
bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password
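
The configuration above sets four store passwords in plaintext, while the keystore commands cover only the two transport ones. The script below is an added example, not part of the original notes: it scans an elasticsearch.yml for plaintext TLS store passwords and prints the bin/elasticsearch-keystore command for each. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: find plaintext TLS store passwords in an elasticsearch.yml
# and print the bin/elasticsearch-keystore command that replaces each one.

# Print the name of every uncommented
# xpack.security.{transport,http}.ssl.{keystore,truststore}.password setting.
plaintext_ssl_passwords() {
    awk '
        /^[ \t]*#/ { next }                      # skip full-line comments
        {
            line = $0
            sub(/[ \t]+#.*$/, "", line)          # drop a trailing comment
            n = index(line, ":")
            if (n == 0) next
            key = substr(line, 1, n - 1)
            gsub(/[ \t]/, "", key)
            if (key ~ /^xpack\.security\.(transport|http)\.ssl\.(keystore|truststore)\.password$/)
                print key
        }
    ' "$1"
}

# Print one keystore command per plaintext setting, using the matching
# secure_password name.
keystore_commands() {
    plaintext_ssl_passwords "$1" | while IFS= read -r key; do
        printf 'bin/elasticsearch-keystore add %s\n' "${key%.password}.secure_password"
    done
}

# Constructed sample input that mirrors the settings on this page.
sample_config() {
    cat <<'EOF'
xpack.security.enabled: true
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.keystore.password: 123456 # set your own password
xpack.security.transport.ssl.truststore.password: 123456
xpack.security.http.ssl.keystore.password: 123456
xpack.security.http.ssl.truststore.password: 123456
# xpack.security.http.ssl.keystore.password: old-value
EOF
}

# Demo: run against the constructed sample.
demo_file=$(mktemp)
sample_config > "$demo_file"
keystore_commands "$demo_file"
rm -f "$demo_file"
```

After adding each secret to the keystore, delete the corresponding plaintext password line from elasticsearch.yml.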