Configuration steps:
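2. Run the command below to generate the elastic-stack-ca.p12 file (the certificate authority). This walkthrough uses 123456 as the password; treat it as a placeholder and pick a strong, unique password for anything beyond a local test.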
./bin/elasticsearch-certutil ca
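3. Run the command below to generate the elastic-certificates.p12 file, again using 123456 as the password. Run as shown, without --dns or --ip, the certificate carries no subject alternative names, which is presumably why the client examples in steps 6-8 turn hostname/certificate verification off.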
./bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
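4. Copy elastic-stack-ca.p12 and elastic-certificates.p12 to config/certs. Note that elastic-stack-ca.p12 holds the CA private key and the configuration in step 5 only references elastic-certificates.p12, so keep file permissions on the CA file tight.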
5. Add the following settings to the elasticsearch.yml file
# Transport layer (node-to-node) TLS.
xpack.security.transport.ssl.enabled: true
# "certificate" validates the peer's certificate chain but does not check that the
# certificate matches the node's hostname/IP; "full" adds that check and needs
# certificates issued with matching subject alternative names.
xpack.security.transport.ssl.verification_mode: certificate
# The same PKCS#12 file serves as keystore (node key + certificate) and truststore.
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
# HTTP layer (REST API) TLS.
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: certs/elastic-certificates.p12
xpack.security.http.ssl.truststore.path: certs/elastic-certificates.p12
# NOTE(review): the four passwords below sit in plaintext in elasticsearch.yml.
# Elasticsearch also accepts them as secure settings in its keystore, e.g.
#   bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password
# (likewise for the truststore and the http.ssl settings), which keeps them out of this file.
xpack.security.transport.ssl.keystore.password: 123456
xpack.security.transport.ssl.truststore.password: 123456
xpack.security.http.ssl.keystore.password: 123456
xpack.security.http.ssl.truststore.password: 123456
6. Connect Logstash to Elasticsearch
# Ships events to Elasticsearch over HTTPS and echoes them to stdout for debugging.
output {
elasticsearch {
# NOTE(review): port 9201 here, while the Java and curl checks below use 9200 - confirm which is intended.
hosts => ["https://MY_IP:9201"]
index => "bos-dev-log"
user => "elastic"
# NOTE(review): plaintext password in the pipeline file; Logstash can resolve it from
# its keystore or the environment instead, e.g. password => "${ES_PWD}" (constructed name).
password => "123456"
ssl => true
# NOTE(review): with verification set to false the server certificate is not validated,
# so the truststore configured below does not protect the connection against an
# impersonated endpoint. Enabling verification needs a certificate whose subject
# alternative names match the host used in `hosts`.
ssl_certificate_verification=>false
truststore=>"/XXX/XXX/elastic-certificates.p12"
truststore_password=>"123456"
}
stdout {
codec => rubydebug }
}
7. Java client verification
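/**
 * Smoke-tests the TLS-protected Elasticsearch HTTP endpoint: loads the PKCS#12 file from
 * step 3 as trust material, sends an authenticated GET to the cluster root and prints the
 * response body to standard output.
 *
 * <p>NOTE(review): the user name, password and truststore password are hard-coded to match
 * the walkthrough. Outside a local test, load them from configuration or a secret store.
 *
 * @throws Exception if the truststore cannot be read, the TLS context cannot be built, or
 *     the request fails
 */
public static void testHttps() throws Exception {
    String host = "MY_IP";
    int port = 9200;

    // Bind the credentials to the Elasticsearch endpoint only. AuthScope.ANY would offer
    // the elastic password to any host this client is ever pointed at.
    CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
    credentialsProvider.setCredentials(new AuthScope(host, port),
            new UsernamePasswordCredentials("elastic", "123456"));

    // elastic-certificates.p12 is a PKCS#12 container, so request that type explicitly
    // instead of relying on the JDK's JKS/PKCS12 compatibility fallback.
    KeyStore truststore = KeyStore.getInstance("PKCS12");
    try (InputStream is = new FileInputStream("./src/main/resources/elastic-certificates.p12")) {
        truststore.load(is, "123456".toCharArray());
    }
    SSLContext sslContext = SSLContexts.custom().loadTrustMaterial(truststore, null).build();

    // NOTE(review): NoopHostnameVerifier accepts a certificate issued for any name, so the
    // chain is validated against the truststore but the server's identity is not. It is
    // kept here because the certificate from step 3 was generated without --dns/--ip.
    // Once the certificate carries matching subject alternative names, use
    // new SSLConnectionSocketFactory(sslContext) to restore hostname verification.
    SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE);
    Registry<ConnectionSocketFactory> socketFactoryRegistry = RegistryBuilder.<ConnectionSocketFactory>create()
            .register("https", sslsf)
            .register("http", new PlainConnectionSocketFactory())
            .build();
    BasicHttpClientConnectionManager connectionManager = new BasicHttpClientConnectionManager(
            socketFactoryRegistry);

    // The explicit connection manager already carries the TLS socket factory; a separate
    // setSSLSocketFactory(...) call on the builder is overridden by it, so it is omitted.
    // try-with-resources closes the client (and its connection manager) on every path.
    try (CloseableHttpClient client = HttpClients.custom()
            .setDefaultCredentialsProvider(credentialsProvider)
            .setConnectionManager(connectionManager)
            .build()) {
        HttpGet getMethod = new HttpGet("https://" + host + ":" + port);
        HttpResponse response = client.execute(getMethod);
        // Closing the content stream releases the underlying connection; decode the body
        // as UTF-8 rather than with the platform default charset.
        try (InputStream body = response.getEntity().getContent()) {
            System.out.println(IOUtils.toString(body, "UTF-8"));
        }
    }
}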
8. curl command verification
# Sends an authenticated GET to the cluster root over HTTPS.
# NOTE(review): -k skips certificate verification, so this only shows that the port speaks
# TLS and accepts the credentials. To verify the server as well, export the CA certificate
# as PEM and pass it with --cacert instead of -k; this needs a server certificate whose
# subject alternative names match MY_IP. Passing the password via -u on the command line
# also leaves it in shell history and the process list.
curl -k -u elastic:123456 -X GET https://MY_IP:9200