I want to implement xpack security. Below is the code that I put in elasticsearch.yml, but I get an error that the certificate does not exist. I have checked all directories in the node; there is no elastic-certificates.p12. How can I solve this? And how can I implement this?
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
xpack.license.self_generated.type: basic
Thanks for answering
The above configurations are fine; what you need to do is generate node certificates in order to encrypt the Elasticsearch internode communication (TLS - Transport Layer Security). The reason is that, by default, Elasticsearch transfers data in text format (even passwords), which is a poor security practice. Therefore, inter-node communication should be encrypted before enabling Xpack security. This can be achieved by using the Elasticsearch certutil package. Follow the steps below (not suitable for production, only for testing purposes).
./elasticsearch-certutil ca
This will generate a certificate authority in your Elasticsearch main directory. When you are asked to enter a filename for your CA, hit "enter" and it will take the default filename 'elastic-stack-ca.p12'. After that it will ask for a password for the CA (Certificate Authority); again hit "enter".
./elasticsearch-certutil cert --ca elastic-stack-ca.p12
When executing this command, it will first ask for the password of your CA file; hit 'enter'. After that it will ask for the TLS certificate name; again hit 'enter' and it will take the TLS certificate name as 'elastic-certificates.p12', which is the default name. Finally it will ask for a password for the TLS certificate; again hit 'enter'. Now you will be able to see two new files in your Elasticsearch main directory. Please note that the above configuration steps are not suitable for production, only for testing... :)
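A preflight check for the "certificate does not exist" error in the question, added here as an example and not part of the original answer: it reads the two transport TLS paths from elasticsearch.yml and reports whether each file is present. The function names are hypothetical, and it assumes a relative path is resolved against the directory that holds elasticsearch.yml.

```shell
#!/bin/sh
# Added example: verify that the PKCS#12 files named in elasticsearch.yml
# exist where the node will look for them, before starting Elasticsearch.
# Assumption: relative paths resolve against the config directory.

# Print the value of a flat, top-level "key: value" setting.
yml_value() {
    # $1 = YAML file, $2 = exact setting name
    awk -v key="$2" '
        index($0, key ":") == 1 {
            val = substr($0, length(key) + 2)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)   # trim whitespace
            gsub(/^"|"$/, "", val)               # drop surrounding quotes
            print val
            exit
        }' "$1"
}

# Returns 0 if every configured file is readable, 1 if any is missing,
# 2 if the config directory has no elasticsearch.yml.
check_transport_certs() {
    conf_dir=$1
    yml="$conf_dir/elasticsearch.yml"
    [ -f "$yml" ] || { echo "no elasticsearch.yml in $conf_dir" >&2; return 2; }
    missing=0
    for key in xpack.security.transport.ssl.keystore.path \
               xpack.security.transport.ssl.truststore.path; do
        val=$(yml_value "$yml" "$key")
        if [ -z "$val" ]; then
            echo "UNSET   $key"
            continue
        fi
        case $val in
            /*) file=$val ;;              # absolute path: use as written
            *)  file="$conf_dir/$val" ;;  # relative path: config directory
        esac
        if [ -r "$file" ]; then
            echo "OK      $key -> $file"
        else
            echo "MISSING $key -> $file"
            missing=$((missing + 1))
        fi
    done
    [ "$missing" -eq 0 ]
}

# Run against a config directory when one is given as the first argument.
if [ "$#" -gt 0 ]; then check_transport_certs "$1"; fi
```

A MISSING line for elastic-certificates.p12 after running the two certutil commands means the file was written somewhere other than the directory being checked.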