Enabling SSL for the Elastic Stack using a self-signed certificate
Configure SSL for Elastic Stack using a self-signed certificate for testing purposes.
Before you begin
- You must be a cluster administrator.
- You must ensure that the clock settings on the server and client are identical. Otherwise, errors may occur.
About this task
Follow these steps if you want to:
- Enable SSL for the first time (in other words, if you disabled SSL during installation by setting DISABLESSL=Y).
- Use your own self-signed certificate that will replace the default one generated when SSL is enabled during installation.
When SSL is enabled for the Elastic Stack, a trust relationship between the server and the client
is established by sending a server certificate to the client. The client validates the certificates
that are signed by the self-signed Platform Computing CA Root. This self-signed certificate can be
used only for testing purposes. For your production environment, use a properly chained certificate
that is issued or signed by a trusted certificate authority. By default the Elastic Stack uses the
TLSv1.2 protocol.
Note: On a
local file system, Tier 1 files must be generated on all management hosts. On a shared file system,
the files need to be generated on a shared file system location that all management hosts can
access.