Hi,
I got the TLS certificates generated from the searchguard TLS certificate generator link.
Initially i performed the following configuration changes,
searchguard.ssl.http.enabled: true
searchguard.ssl.http.keystore_filepath: D:\Softwares\ELK\elasticsearch-5.4.0\elasticsearch-5.4.0\config\CN=localhost-keystore.jks
searchguard.ssl.http.keystore_password: 221749a2add117cf889f
searchguard.ssl.http.truststore_filepath: D:\Softwares\ELK\elasticsearch-5.4.0\elasticsearch-5.4.0\config\truststore.jks
searchguard.ssl.http.truststore_password: 6d6cf1cc017dc874960b
searchguard.authcz.admin_dn:
- CN=sgadmin
searchguard.ssl.transport.keystore_filepath: D:\Softwares\ELK\elasticsearch-5.4.0\elasticsearch-5.4.0\config\CN=localhost-keystore.jks
searchguard.ssl.transport.keystore_password: 221749a2add117cf889f
searchguard.ssl.transport.truststore_filepath: D:\Softwares\ELK\elasticsearch-5.4.0\elasticsearch-5.4.0\config\truststore.jks
searchguard.ssl.transport.truststore_password: 6d6cf1cc017dc874960b
Now i am trying to run the sgadmin.bat as below,
sgadmin.bat -cd ..\sgconfig -ts D:\Softwares\ELK\elasticsearch-5.4.0\elasticsearch-5.4.0\config\truststore.jks -tspass 6d6cf1cc017dc874960b -ks D:\Softwares\ELK\elasticsearch-5.4.0\elasticsearch-5.4.0\config\CN=localhost-keystore.jks -kspass 221749a2add117cf889f –nhnv
The command successfully got executed.
In kibana.yml, i made the following changes,
elasticsearch.username: "admin"
elasticsearch.password: "admin"
elasticsearch.ssl.certificateAuthorities: [ "D:/Softwares/ELK/elasticsearch-5.4.0/elasticsearch-5.4.0/config/root-ca.crt" ]
kibana is able to connect to elasticsearch.
My issue:
Now in elasticsearch.yml, i have made below changes,
network.host: AAEINBLR02717D
searchguard.ssl.http.enabled: true
searchguard.ssl.http.keystore_filepath: D:\Softwares\ELK\elasticsearch-5.4.0\elasticsearch-5.4.0\config\CN=AAEINBLR02717D-keystore.jks
searchguard.ssl.http.keystore_password: 02d9b43a58d6e1060368
searchguard.ssl.http.truststore_filepath: D:\Softwares\ELK\elasticsearch-5.4.0\elasticsearch-5.4.0\config\truststore.jks
searchguard.ssl.http.truststore_password: c0659bb0b83d0afae81e
searchguard.authcz.admin_dn:
- CN=sgadmin
searchguard.ssl.transport.keystore_filepath: D:\Softwares\ELK\elasticsearch-5.4.0\elasticsearch-5.4.0\config\CN=AAEINBLR02717D-keystore.jks
searchguard.ssl.transport.keystore_password: 02d9b43a58d6e1060368
searchguard.ssl.transport.truststore_filepath: D:\Softwares\ELK\elasticsearch-5.4.0\elasticsearch-5.4.0\config\truststore.jks
searchguard.ssl.transport.truststore_password: c0659bb0b83d0afae81e
I am getting the below error,
Search Guard Admin v5
Will connect to localhost:9300
ERR: Seems there is no elasticsearch running on localhost:9300 - Will exit
Q1:why so..
Does it default connect to localhost only?
Q2:f it allows only localhost, its difficult to connect. Only locally running logstash can connect to elasticsearch.
how can logstash residing on other machine communicate to elasticsearch residing on other machine.