1.在elasticsearch執行目錄bin下運行elasticsearch-certgen:./elasticsearch-certgen
依次輸入生成cert.zip的文件名,節點信息和IP,會在當前目錄生成一個zip壓縮包
2.在elasticsearch的config目錄下新建cert文件夾,將壓縮包解壓到文件夾會發現ca文件和各個節點密匙文件夾
3.將解壓后的cert文件全部scp到其他節點
4.修改elasticsearch配置文件elasticsearch.yml配置文件:不同節點指定自己節點的key和crt
xpack.security.transport.ssl.enabled: true xpack.ssl.key: /usr/local/elasticsearch/config/cert/YouAi_elk/YouAi_elk.key xpack.ssl.certificate: /usr/local/elasticsearch/config/cert/YouAi_elk/YouAi_elk.crt xpack.ssl.certificate_authorities: /usr/local/elasticsearch/config/cert/ca/ca.crt
5.重啟elasticsearch各個節點
