cd /usr/local/elasticsearch/bin/
./elasticsearch-certgen
#####################################
Please enter the desired output file [certificate-bundle.zip]: cert.zip (生成的壓縮包名稱,輸入或者保持默認,直接回車)
Enter instance name: my-application (實例名)
Enter name for directories and files [my-application]: elasticsearch(存儲實例證書的文件夾名,可以隨意指定或保持默認)
Enter IP Addresses for instance (comma-separated if more than one) []: 127.0.0.1(實例ip,多個ip用逗號隔開)
Enter DNS names for instance (comma-separated if more than one) []: node-1(節點名,多個節點用逗號隔開)
Would you like to specify another instance? Press 'y' to continue entering instance information: (到達這一步,不需要按y重新設置,按空格鍵就完成了)
Certificates written to /usr/local/elasticsearch/bin/cert.zip(這個是生成的文件存放地址,不用填寫)
解壓cert.zip文件會得到
creating: ca/
inflating: ca/ca.crt
inflating: ca/ca.key
creating: my-applicaiton/
inflating: my-applicaiton/my-applicaiton.crt
inflating: my-applicaiton/my-applicaiton.key
es配置文件中使用如下:
xpack.security.transport.ssl.enabled: true
xpack.ssl.key: my-applicaiton.key
xpack.ssl.certificate: my-applicaiton.crt
xpack.ssl.certificate_authorities: ca.crt