1.在elasticsearch执行目录bin下运行elasticsearch-certgen:./elasticsearch-certgen
依次输入生成cert.zip的文件名,节点信息和IP,会在当前目录生成一个zip压缩包
2.在elasticsearch的config目录下新建cert文件夹,将压缩包解压到文件夹会发现ca文件和各个节点密匙文件夹
3.将解压后的cert文件全部scp到其他节点
4.修改elasticsearch配置文件elasticsearch.yml配置文件:不同节点指定自己节点的key和crt
xpack.security.transport.ssl.enabled: true xpack.ssl.key: /usr/local/elasticsearch/config/cert/YouAi_elk/YouAi_elk.key xpack.ssl.certificate: /usr/local/elasticsearch/config/cert/YouAi_elk/YouAi_elk.crt xpack.ssl.certificate_authorities: /usr/local/elasticsearch/config/cert/ca/ca.crt
5.重启elasticsearch各个节点
