eugene
Reputation: 41765
certificate created by elasticsearch-certutil is not usable in production?
I've followed instrunction on https://www.elastic.co/guide/en/elastic-stack-get-started/7.4/get-started-docker.html#get-started-docker-tls to setup basic authentication
The doc creates certificate by
bash -c '
yum install -y -q -e 0 unzip;
if [[ ! -f /certs/bundle.zip ]]; then
bin/elasticsearch-certutil cert --silent --pem --in config/certificates/instances.yml -out /certs/bundle.zip;
unzip /certs/bundle.zip -d /certs;
fi;
chown -R 1000:0 /certs
'
It seems I can connect to the https endpoint from localhost only, is it?
Upvotes: 1
Views: 1878
Answers (1)
akelsey
Reputation: 99
Yes elastic can generate CSR for sign it in Public CA or corporate CA or it issues just selfsign certificate. So if you issued self-sign - sure you can use it in production but with "no veryfy certificate" option. Otherwise you can buy or order free certificate for example letsencrypt.
Upvotes: 1
Related Questions
- Transport SSL must be enabled if security is enabled on a [basic] license
- Elasticsearch unable to get issuer certificate
- "unable to verify the first certificate" when connecting to elasticsearch from nodejs using self-generated certificates
- Elastic Search Cloud - Adding ca for reindex
- Perl Search::Elasticsearch doesn't work with SSL enabled node with Self-signed certificate
- elasticdump with TLS - unable to verify the first certificate
- Elasticsearch-OSS 7.9.2 with SSL
- elastic4s with ssl configured elastic Search not working
- Kibana container to elasticsearch cloud auth err
- Kibana is not connecting with elasticsearch shield SSL