当前位置:   article > 正文

elasticsearch 使用X-Pack 加密_xpack.security.transport.ssl.keystore.path

xpack.security.transport.ssl.keystore.path

elasticsearch.yml配置

xpack.security.enabled: true

xpack.security.transport.ssl.enabled: true

xpack.security.transport.ssl.verification_mode: certificate

xpack.security.transport.ssl.keystore.path: elastic-certificates.p12 #存放elastic-certificates.p12文件路径

xpack.security.transport.ssl.truststore.path: elastic-certificates.p12 #存放elastic-certificates.p12文件路径

#https

xpack.security.http.ssl.enabled: true

xpack.security.http.ssl.keystore.path: elastic-certificates.p12 #存放elastic-certificates.p12文件路径开启https

xpack.security.http.ssl.truststore.path: elastic-certificates.p12 #存放elastic-certificates.p12文件路径开启https

xpack.security.transport.ssl.keystore.password: 123456 #自己设置密码

xpack.security.transport.ssl.truststore.password: 123456 #自己设置密码

xpack.security.http.ssl.keystore.password: 123456 #自己设置密码

xpack.security.http.ssl.truststore.password: 123456 #自己设置密码

生成证书

 

bin/elasticsearch-certutil ca

bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12

生成CA证书bin/elasticsearch-certutil ca将产生新文件elastic-stack-ca.p12该 elasticsearch-certutil 命令还会提示你输入密码以保护文件和密钥,请保留该文件的副本并记住其密码

为集群中的每个节点生成证书和私钥bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12将产生新文件elastic-certificates.p12系统还会提示你输入密码,你可以输入证书和密钥的密码,也可以按Enter键将密码留空。默认情况下 elasticsearch-certutil生成没有主机名信息的证书,这意味着你可以将证书用于集群中的每个节点,另外要关闭主机名验证。

最好将这两个文件移到到config里边

 

 

输入设置的账号密码

bin/elasticsearch-keystore add xpack.security.transport.ssl.keystore.secure_password

 

bin/elasticsearch-keystore add xpack.security.transport.ssl.truststore.secure_password

声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/木道寻08/article/detail/953645?site
推荐阅读
相关标签
  

闽ICP备14008679号