Securing Elasticsearch 7 on RedHat installation – creating and attaching certificates
Creating the certificates:
Browse to the directory that contains the elasticsearch-certutil script. The path depends on where you installed ES.
Run the ES script for creating the certificates:
elasticsearch-certutil cert
Copy the cert from /usr/share/elasticsearch to the following path:
cp /usr/share/elasticsearch/elastic-certificates.p12 /etc/elasticsearch/
Run the following command on the freshly created certificate (chmod 777):
chmod 777 /etc/elasticsearch/elastic-certificates.p12
Restart the service
Change the ES yml file to reflect the new certs:
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
#xpack.security.transport.ssl.client_authentication: required
xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/elastic-certificates.p12
Creating the passwords:
cd /usr/share/elasticsearch/bin
elasticsearch-setup-passwords auto
Add ports 9200 and 9300 on the firewall:
firewall-cmd --permanent --add-port=9200/tcp --add-port=9300/tcp && systemctl restart firewalld
Install on the other nodes using the above steps
Important: make sure to copy the same cert to the same location on all the nodes (/etc/elasticsearch/) and make it executable (chmod 777).
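The .p12 keystore holds the nodes' private key, and it only needs to be readable by the account that runs Elasticsearch. The following is an added example, not part of the original post: a shell check that reports what chmod 777 leaves open on the file and applies a narrower mode. The function names and the `elasticsearch` group (the RPM package default) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): audit and tighten the mode of a
# PKCS#12 keystore such as /etc/elasticsearch/elastic-certificates.p12.
# Uses GNU stat (coreutils), as shipped on RedHat.

# Print one line per permission problem of keystore $1; empty output = OK.
keystore_findings() {
    kf_mode=$(stat -c '%a' "$1") || { echo "cannot stat $1"; return 0; }
    [ $(( 0$kf_mode & 0007 )) -ne 0 ] && echo "mode $kf_mode: accessible to all local users"
    [ $(( 0$kf_mode & 0020 )) -ne 0 ] && echo "mode $kf_mode: writable by group"
    [ $(( 0$kf_mode & 0111 )) -ne 0 ] && echo "mode $kf_mode: execute bit set on a data file"
    return 0
}

# Restrict keystore $1 to owner read/write and group read (0640).
# If a group is given as $2, also hand the file to root:<group> (needs root).
tighten_keystore() {
    if [ -n "${2:-}" ]; then
        chown "root:$2" "$1" || return 1
    fi
    chmod 0640 "$1"
}

# Constructed demo on a scratch file, so nothing under /etc is touched.
demo() {
    demo_dir=$(mktemp -d) || return 1
    demo_ks="$demo_dir/elastic-certificates.p12"
    : > "$demo_ks"
    chmod 777 "$demo_ks"          # the mode used in the steps above
    echo "before:"
    keystore_findings "$demo_ks"
    tighten_keystore "$demo_ks"
    echo "after: mode $(stat -c '%a' "$demo_ks") $(keystore_findings "$demo_ks")"
    rm -rf "$demo_dir"
}
demo

# On a real node (group name is an assumption, RPM default):
#   tighten_keystore /etc/elasticsearch/elastic-certificates.p12 elasticsearch
```

Run `keystore_findings` on every node after copying the cert; a node whose service account cannot read the file after tightening has the wrong group on the file, not too strict a mode.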
You can use the same cert already copied to secure the HTTP layer as well, by modifying the yml file as below:
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: /etc/elasticsearch/elastic-certificates.p12
xpack.security.http.ssl.truststore.path: /etc/elasticsearch/elastic-certificates.p12
Restart service