Enabling X-Pack encryption in Elasticsearch

elasticsearch.yml configuration

xpack.security.enabled: true

xpack.security.transport.ssl.enabled: true

xpack.security.transport.ssl.verification_mode: certificate

xpack.security.transport.ssl.keystore.path: elastic-certificates.p12 # path where elastic-certificates.p12 is stored

xpack.security.transport.ssl.truststore.path: elastic-certificates.p12 # path where elastic-certificates.p12 is stored

#https

xpack.security.http.ssl.enabled: true

xpack.security.http.ssl.keystore.path: elastic-certificates.p12 # path where elastic-certificates.p12 is stored; enables HTTPS

xpack.security.http.ssl.truststore.path: elastic-certificates.p12 # path where elastic-certificates.p12 is stored; enables HTTPS

xpack.security.transport.ssl.keystore.password: 123456 # set your own password

xpack.security.transport.ssl.truststore.password: 123456 # set your own password

xpack.security.http.ssl.keystore.password: 123456 # set your own password

xpack.security.http.ssl.truststore.password: 123456 # set your own password

Generating the certificates

 

bin/elasticsearch-certutil ca

bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12

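Generate the CA certificate: bin/elasticsearch-certutil ca creates a new file, elastic-stack-ca.p12. The elasticsearch-certutil command also prompts you for a password to protect the file and key. Keep a copy of this file and remember its password.

Generate a certificate and private key for each node in the cluster: bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12 creates a new file, elastic-certificates.p12. You are prompted for a password again; you can enter a password for the certificate and key, or press Enter to leave it blank. By default elasticsearch-certutil generates certificates without hostname information, which means the same certificate can be used on every node in the cluster, but hostname verification must be turned off (this is what verification_mode: certificate in the configuration above does).

It is best to move both files into the config directory.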

 

 

Enter the password you set when prompted:

bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password

 

bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password
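
A configuration check for the settings above, as an added example that is not part of the original post: it flags store passwords written in clear text in elasticsearch.yml and prints the elasticsearch-keystore add command for the matching secure_password setting. It assumes the flat dotted-key style used on this page; SAMPLE_YML and the function names are constructed for illustration.

```python
import re

# Constructed sample: flat dotted-key settings in the style shown on this page.
SAMPLE_YML = """\
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.keystore.password: 123456 # set your own password
xpack.security.http.ssl.truststore.password: 123456
"""

# Matches the clear-text store password keys, not their secure_password counterparts.
PLAINTEXT_PW = re.compile(r"^(xpack\.security\.(?:transport|http)\.ssl\.(?:keystore|truststore))\.password$")


def parse_flat_yml(text):
    """Parse 'dotted.key: value' lines (assumption: no nested YAML mappings)."""
    settings = {}
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()  # drop full-line and trailing comments
        if not line or ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip()
    return settings


def audit(text):
    """Return (findings, commands) for clear-text store passwords and the transport verification mode."""
    settings = parse_flat_yml(text)
    findings, commands = [], []
    for key in sorted(settings):
        m = PLAINTEXT_PW.match(key)
        if m:
            findings.append(f"{key}: password stored in clear text in elasticsearch.yml")
            commands.append(f"bin/elasticsearch-keystore add {m.group(1)}.secure_password")
    if settings.get("xpack.security.transport.ssl.verification_mode") == "certificate":
        findings.append("transport verification_mode=certificate: hostname verification is off")
    return findings, commands


if __name__ == "__main__":
    findings, commands = audit(SAMPLE_YML)
    print("\n".join(findings + commands))
```
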
