Hi,
I have installed Elasticsearch, Kibana and Search Guard version 6.5.4 on a 4-node cluster.
I have created 2 keystore and truststore JKS pairs, one for the nodes and one for admin, using some offline tool (if my understanding is correct).
I placed all 4 certificates on all 4 nodes under the /etc/elasticsearch/ssl directory:
```
-rw-r-----. 1 root elasticsearch 1573 Jan 30 17:55 elastic.server.truststore.jks
-rw-r-----. 1 root elasticsearch 6773 Jan 30 17:55 elastic.server.keystore.jks
-rw-r-----. 1 root elasticsearch 1573 Jan 30 17:55 elastic.client.truststore.jks
-rw-r-----. 1 root elasticsearch 6773 Jan 30 17:55 elastic.client.keystore.jks
```
Here is the elasticsearch.yml configuration:

```yaml
searchguard.ssl.transport.keystore_filepath: /etc/elasticsearch/ssl/elastic.server.keystore.jks
searchguard.ssl.transport.keystore_password: changeme
searchguard.ssl.transport.truststore_filepath: /etc/elasticsearch/ssl/elastic.server.truststore.jks
searchguard.ssl.transport.truststore_password: changeme
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.http.enabled: true
searchguard.ssl.http.keystore_filepath: /etc/elasticsearch/ssl/elastic.server.keystore.jks
searchguard.ssl.http.keystore_password: changeme
searchguard.ssl.http.truststore_filepath: /etc/elasticsearch/ssl/elastic.server.truststore.jks
searchguard.ssl.http.truststore_password: changeme
searchguard.nodes_dn:
- CN=elasticnonprod-0.vpc.example.net,OU=Corp,O=example, Inc.,DC=example,DC=net
- CN=elasticnonprod-1.vpc.example.net,OU=Corp,O=example, Inc.,DC=example,DC=net
- CN=elasticnonprod-2.vpc.example.net,OU=Corp,O=example, Inc.,DC=example,DC=net
- CN=elasticnonprod-3.vpc.example.net,OU=Corp,O=example, Inc.,DC=example,DC=net
searchguard.authcz.admin_dn:
- CN=nonprod-elastic-client.vpc.example.net,OU=Corp,O=example, Inc.,DC=example,DC=net
```
Is whatever I have provided in the admin section correct? How does it work? I have client keys placed in the ssl folder; are those going to be used if I want to access through admin?
```yaml
searchguard.authcz.admin_dn:
- CN=nonprod-elastic-client.vpc.example.net,OU=Corp,O=example, Inc.,DC=example,DC=net
```
What changes need to be made on the Kibana side to access Elasticsearch? Do I need to place the admin/client keystore and truststore on the Kibana server to access it?
I have multiple sources sending logs into Elasticsearch, like Kubernetes, Nginx, Kafka and so on. Do I need to place the client keystore and truststore everywhere to access Elasticsearch and push logs?