Below are the steps to enable SSL for the external Elastic server and Integrate it with SearchBlox Onprem version 10.x.
Prerequisites:
To configure SSL in Elasticsearch, CA Certificate, Elasticsearch Node Certificate, and HTTP Certificate are mandatory. Please ensure you have the Elastic Server deployed in the server and stop the server if it is already running.
Steps to Generate Self-Signed Elastic Server Certificate:
1. Open command prompt and navigate to folder <elasticsearch-installation path>/bin
2. To create a self-signed CA certificate run the following command(If you have your own CA certificate you can skip this step):
elasticsearch-certutil ca
elastic-stack-ca.p12 file will be generated inside <elasticsearch-installation-path>/.
Note: It may ask for “desired output file” and “password for the same”. (Optional)
3. Create a certificate for the ElasticSearch node using the following command:
elasticsearch-certutil cert --ca elastic-stack-ca.p12
Note: It may ask for the following, if you have provide it, else just press enter
Enter password for CA (elastic-stack-ca.p12) :
Please enter the desired output file [elastic-certificates.p12]:
Enter password for elastic-certificates.p12 :
4. Move the generated file, inside the <elasticsearch-installation path>/config folder and provide full permissions.
5. Create a certificate to enable HTTPS communication to run the following command:(You need the CA certificate for this step)
elasticsearch-certutil http
Note: It may ask the following questions, and you can provide the location of the CA certificate as shown.
Generate a CSR? [y/N] - press N
Use an existing CA? [y/N] - press Y
CA Path:<elasticsearch-installation -path>/elastic-stack-ca.p12
6. Zip file will be generated in /<elasticsearch-installation-path>/elasticsearch-ssl-http.zip
7. Unzip the file and you will be able to see a “http.p12” file.
8. Move the generated http.p12 file, inside the <elasticsearch-installation path>/config folder and provide full permissions.
9. Go to <elasticsearch-installation path>/config and add the following lines in “elasticsearch.yml” and save it.
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: "http.p12"
10. Restart Elasticsearch https://localhost:9200
Integrate External Elastic with SearchBlox Onprem 10.x
- Make sure the SearchBlox service is stopped before configuring it with External Elastic Server.
- Open searchblox.yml file under the patch <SearchBlox_installation_Directory>/webapps/ROOT/WEB-INF
- Configure the External Elastic path, and port, along with its user credentials if exists.
# ===============SearchBlox Elasticsearch Configuration ====================
searchblox.deployment.type: onPrem
searchblox.elasticsearch.host: localhost
searchblox.elasticsearch.port: 9200
searchblox.elasticsearch.basic.username: xxxx
searchblox.elasticsearch.basic.password: xxxxxxxxx
es.home: C:\Users\Administrator\Downloads\elasticsearch-7.17.0
- Restart SearchBlox Service.
Comments
0 comments
Please sign in to leave a comment.