Tutorial: Encrypting communications

edit

Tutorial: Encrypting communications

edit

In 6.0 and later releases, if you have a gold or higher license and the Elasticsearch security features are enabled, you must use Transport Layer Security (TLS) to encrypt internode communication. In this tutorial, you learn how to meet the minimum requirements to pass the TLS bootstrap check.

Single-node clusters that use a loopback interface do not have this requirement.

Before you begin

edit

Ideally, you should do this tutorial only after you complete the Getting started with the Elastic Stack and Getting started with security tutorials. At a minimum, you must:

  1. Install and configure Elasticsearch and Kibana in a cluster with a single Elasticsearch node, as described in Getting started with the Elastic Stack. In particular, this tutorial provides instructions that work with the zip and tar.gz packages.
  2. Install a trial license.
  3. Enable the Elasticsearch security features.
  4. Create passwords for built-in users.
  5. Add the built-in user to Kibana.
  6. Stop Kibana. The method for starting and stopping Kibana varies depending on how you installed it. For example, if you installed Kibana from an archive distribution (.tar.gz or .zip), stop it by entering Ctrl-C on the command line. See Starting and stopping Kibana.
  7. Stop Elasticsearch. For example, if you installed Elasticsearch from an archive distribution, enter Ctrl-C on the command line. See Stopping Elasticsearch.