Transport Layer Security Elasticsearch configuration

Note: My version of Elasticsearch is 7.15.0


I'm new to Elasticsearch. I'm trying to use Kibana alerts; to do that I must create a Rule and a Connector, but when I selected that field I was informed that I need to enable Transport Layer Security and API keys. To do so, I followed the instructions in the Elastic Transport Layer Security guide, which describes these steps:

Encrypt inter-node communications with Transport Layer Security:

1. Open the $ES_PATH_CONF/elasticsearch.yml file and make the following changes:
a. Add the cluster-name setting and enter a name for your cluster:

cluster.name: my-cluster

b. Add the node.name setting and enter a name for the node. The node name defaults to the hostname of the machine when Elasticsearch starts.

node.name: node-1

c. Add the following settings to enable inter-node communication and provide access to the node’s certificate.
Because you are using the same elastic-certificates.p12 file on every node in your cluster, set the verification mode to certificate:

xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate 
xpack.security.transport.ssl.client_authentication: required
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12

Since the elastic-certificates file is not generated automatically during the installation of the software, it must be generated with elasticsearch-certutil inside the /usr/share/elasticsearch/bin directory:

a. First:

cd /usr/share/elasticsearch/bin

b. Run elasticsearch-certutil to generate the elastic-stack-ca.zip certificate file:

./elasticsearch-certutil ca

c. Unzip the file to extract all the information and move it to the /etc/elasticsearch directory.

unzip elastic-stack-ca.zip

Now the problem occurs when starting the elasticsearch service:

sudo service elasticsearch restart 

Job for elasticsearch.service failed because the control process exited with error code. See "systemctl status elasticsearch.service" and "journalctl -xe" for details.

I tried to see where the error is located by running these two control commands, but I did not understand.
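
A pre-restart check for the configuration above, as an added example that is not part of the original post or of Elastic's guide: it reads the transport keystore and truststore paths from elasticsearch.yml and confirms that each referenced file exists and is readable. The function name `check_tls_store_paths` and the temporary demo directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the post): check that the transport keystore and
# truststore named in elasticsearch.yml exist and are readable by this user.
# check_tls_store_paths is a hypothetical helper name. Returns 0 if all files
# are readable, 1 if any is not, 2 if elasticsearch.yml cannot be read.
check_tls_store_paths() {
    conf_dir=$1
    yml="$conf_dir/elasticsearch.yml"
    [ -r "$yml" ] || { echo "cannot read $yml"; return 2; }
    status=0
    # Only the transport-layer keystore/truststore path settings are checked.
    settings=$(grep -E '^[[:space:]]*xpack\.security\.transport\.ssl\.(keystore|truststore)\.path[[:space:]]*:' "$yml" || true)
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        key=$(printf '%s' "${line%%:*}" | tr -d '[:space:]')
        # Drop trailing comments, surrounding whitespace and quotes.
        value=$(printf '%s' "${line#*:}" | sed -e 's/[[:space:]]\{1,\}#.*$//' \
            -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' | tr -d "\"'")
        # Elasticsearch resolves relative paths against the config directory.
        case $value in
            /*) path=$value ;;
            *)  path="$conf_dir/$value" ;;
        esac
        if [ -r "$path" ]; then
            echo "OK       $key -> $path"
        else
            echo "MISSING  $key -> $path"
            status=1
        fi
    done <<EOF
$settings
EOF
    return $status
}

# Constructed demo: the post's settings in a temp dir holding only the CA archive.
demo() {
    d=$(mktemp -d)
    printf '%s\n' \
        'xpack.security.transport.ssl.enabled: true' \
        'xpack.security.transport.ssl.keystore.path: elastic-certificates.p12' \
        'xpack.security.transport.ssl.truststore.path: elastic-certificates.p12' > "$d/elasticsearch.yml"
    : > "$d/elastic-stack-ca.zip"
    rc=0; check_tls_store_paths "$d" || rc=$?
    rm -rf "$d"
    return $rc
}

demo || echo "fix the MISSING paths before restarting elasticsearch"
```

Run the function as the elasticsearch service user against /etc/elasticsearch so the readability test reflects the permissions the service actually has.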
