1、生成证书
bin/elasticsearch-certutil ca
bin/elasticsearch-certutil cert --ca elastic-stack-ca.p12
mv bin/elastic-certificates.p12 config/
mv bin/elastic-stack-ca.p12 config/2、编辑elasticsearch.yml
开启xpack
xpack.security.enabled: true3、开启集群中https传输
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p124、开启api接口https传输
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: elastic-certificates.p12
xpack.security.http.ssl.truststore.path: elastic-certificates.p12
xpack.security.http.ssl.client_authentication: none
xpack.ssl.verification_mode: none5、自动生成密码
bin/elasticsearch-setup-passwords auto6、配置kibana.yml
因为开启了elastic https传输所以要把http改为https
elasticsearch.hosts: ["https://localhost:9200"]配置刚刚生成的kibana用户名和密码,否则启动kibana会报错
elasticsearch.username: "kibana"
elasticsearch.password: "puVIrhabjDNOMFCybZZj"ssl证书认证为none
elasticsearch.ssl.verificationMode: none