Configuration on Elasticsearch

  1. Create a new folder named certs under C:\elasticsearch\config to store all certificates and key files.

  2. Open PowerShell as an administrator in C:\elasticsearch\bin and generate a root CA that will sign every Elasticsearch TLS certificate. The tool prompts for a password that protects the CA private key inside the PKCS#12 file; record it, because the following steps need it. By default the file elastic-stack-ca.p12 is written to the Elasticsearch home directory, C:\elasticsearch.

.\elasticsearch-certutil.bat ca
  3. Extract the CA certificate from the PKCS#12 file as PEM and write it straight into the certs folder. The command prompts for the CA password; -nokeys ensures only the certificate, not the CA private key, is exported.

openssl pkcs12 -in C:\elasticsearch\elastic-stack-ca.p12 -nokeys -out C:\elasticsearch\config\certs\ca.crt
  4. Create an instance.yml file in C:\elasticsearch that defines the node's IP address and DNS names. These become the Subject Alternative Name (SAN) entries of the certificate; a client that verifies hostnames only accepts the certificate if the address it connected to appears in that list, so listing the wrong values produces hostname-mismatch failures later.

YAML
instances:
  - name: "node-1"
    ip:
      - "<host_ip>"
    dns:
      - "<host_name>"
      - "localhost"

Replace <host_ip> and <host_name> with the actual IP address and hostname of the Elasticsearch server.

  5. Create the node certificate (node-1.crt and node-1.key) from the CA and the instance.yml definitions. The command prompts for the CA password and writes certs.zip; --pem makes the output PEM files rather than a PKCS#12 bundle, and because no --pass is given the private key is written unencrypted.

& "C:\elasticsearch\bin\elasticsearch-certutil.bat" cert --ca "C:\elasticsearch\elastic-stack-ca.p12" --in "C:\elasticsearch\instance.yml" --out "C:\elasticsearch\certs.zip" --pem

  6. Unzip certs.zip (the files sit in a node-1 subfolder inside the archive) and copy node-1.crt and node-1.key into C:\elasticsearch\config\certs alongside ca.crt.

  7. Verify that all three files, ca.crt, node-1.crt and node-1.key, are present in C:\elasticsearch\config\certs. Because node-1.key is unencrypted, restrict the NTFS permissions on that folder so that only administrators and the account that runs Elasticsearch can read it.
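The following PowerShell script is an added example, not part of the original guide, that checks the certificate material more thoroughly than a directory listing: that node-1.crt chains to ca.crt, that node-1.key is the private key belonging to node-1.crt, that the SAN list contains the addresses clients will use, and that the certificate is not close to expiry. It assumes the paths used in this guide, openssl.exe on the PATH (the -ext option needs OpenSSL 1.1.1 or later) and the same <host_ip> and <host_name> values that were written to instance.yml.

```powershell
# Added example (not from the original guide): validate the PEM files before
# wiring them into elasticsearch.yml. Assumes the paths used in the guide.
$CertDir  = 'C:\elasticsearch\config\certs'
$HostIp   = '<host_ip>'     # replace with the value used in instance.yml
$HostName = '<host_name>'   # replace with the value used in instance.yml

$ca   = Join-Path $CertDir 'ca.crt'
$cert = Join-Path $CertDir 'node-1.crt'
$key  = Join-Path $CertDir 'node-1.key'
$failed = $false

# 1. All three PEM files must exist in the certs folder.
foreach ($f in $ca, $cert, $key) {
    if (-not (Test-Path $f)) { Write-Host "MISSING: $f"; $failed = $true }
}
if ($failed) { exit 1 }

# 2. The node certificate must chain to ca.crt; this is exactly what every
#    client that pins ca.crt (Kibana, Filebeat, curl --cacert) will check.
& openssl verify -CAfile $ca $cert | Out-Null
if ($LASTEXITCODE -ne 0) { Write-Host 'FAIL: node-1.crt does not chain to ca.crt'; $failed = $true }
else { Write-Host 'OK  : node-1.crt chains to ca.crt' }

# 3. The private key must belong to the certificate. Derive the public key from
#    each side and compare; a mismatch makes Elasticsearch refuse to start.
$pubFromCert = (& openssl x509 -in $cert -noout -pubkey) -join "`n"
$pubFromKey  = (& openssl pkey -in $key -pubout) -join "`n"
if ($pubFromCert -ne $pubFromKey) { Write-Host 'FAIL: node-1.key does not match node-1.crt'; $failed = $true }
else { Write-Host 'OK  : node-1.key matches node-1.crt' }

# 4. The SAN list must contain the IP and names clients connect to; otherwise
#    hostname verification fails even though the chain itself is valid.
$san = (& openssl x509 -in $cert -noout -ext subjectAltName) -join ' '
foreach ($needle in "IP Address:$HostIp", "DNS:$HostName", 'DNS:localhost') {
    if ($san -notlike "*$needle*") { Write-Host "FAIL: SAN does not contain $needle"; $failed = $true }
    else { Write-Host "OK  : SAN contains $needle" }
}

# 5. Warn if the certificate expires within 30 days (2592000 seconds).
& openssl x509 -in $cert -noout -checkend 2592000 | Out-Null
if ($LASTEXITCODE -ne 0) { Write-Host 'WARN: node-1.crt expires within 30 days' }

if ($failed) { exit 1 }
Write-Host 'Certificate material is consistent.'
```

Run it from any PowerShell prompt after step 7; a non-zero exit code means one of the files should be regenerated before Elasticsearch is started, which is cheaper than diagnosing a failed start from the log.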

  8. Update elasticsearch.yml in C:\elasticsearch\config with the following security, HTTPS and transport TLS settings:

YAML
# -------- Security & SSL (TLS) Configuration ----------
xpack.security.enabled: true
 
# -------- HTTPS (REST API) TLS --------
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.certificate: certs/node-1.crt
xpack.security.http.ssl.key: certs/node-1.key
xpack.security.http.ssl.certificate_authorities: ["certs/ca.crt"]
 
# -------- Transport TLS (node-to-node traffic inside the cluster) --------
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.certificate: certs/node-1.crt
xpack.security.transport.ssl.key: certs/node-1.key
xpack.security.transport.ssl.certificate_authorities: ["certs/ca.crt"]
 
# Optional: bind to a non-loopback address so external tools (Kibana, Filebeat) can connect.
# 0.0.0.0 listens on every interface; prefer the single address from instance.yml
# (network.host: <host_ip>) unless the node really must be reachable on all of them.
network.host: 0.0.0.0
http.port: 9200

discovery.type: single-node

The certificate paths are resolved relative to C:\elasticsearch\config, so certs/node-1.crt refers to C:\elasticsearch\config\certs\node-1.crt; make sure the file names match what was copied there. Because the node key was generated without a passphrase, no xpack.security.http.ssl.secure_key_passphrase or xpack.security.transport.ssl.secure_key_passphrase entry needs to be added to the keystore.

  9. After updating elasticsearch.yml, start Elasticsearch from C:\elasticsearch\bin:

.\elasticsearch.bat
  10. Wait until the log shows Cluster health status changed from [RED] to [GREEN], which indicates Elasticsearch is fully operational. On a single node a final status of [YELLOW] is also normal: it only means replica shards have no second node to live on, and the node is still serving HTTPS on port 9200.

Screenshot (image-20251127-111413.png): Verify Elasticsearch running

  11. Reset the password of the built-in kibana_system user, which Kibana uses to authenticate to Elasticsearch, and store the generated password in a secrets store such as the Kibana keystore rather than in a plain-text file. Run this from C:\elasticsearch\bin:

.\elasticsearch-reset-password.bat -u kibana_system


Screenshot (image-20251127-111830.png): Reset Kibana user password

  12. Create a superuser account for logging in to the Elasticsearch API and the Kibana dashboard. The command adds the user to the node-local file realm. Omit -p to be prompted for the password instead of leaving it in the PowerShell history, and for Filebeat prefer a dedicated user with only the privileges it needs rather than reusing this superuser.

.\elasticsearch-users.bat useradd <username> -p <password> -r superuser

Replace <username> and <password> with the actual username and password you require.

  13. Open a browser and go to https://localhost:9200 or https://<host_ip>:9200. The browser will warn that the certificate is untrusted because ca.crt is not in the Windows certificate store; that warning is about trust in the private CA, not a TLS misconfiguration, and importing ca.crt into Trusted Root Certification Authorities removes it. Enter the superuser credentials at the prompt; a JSON document describing the node confirms that both TLS and authentication work.

Screenshot (Screenshot 2025-11-27 125317-20251127-072318.png): Verify Elasticsearch setup
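To confirm the same thing from the command line, including the two properties a browser page does not show (that the node rejects connections from clients that do not trust the CA, and that it refuses unauthenticated requests), the following PowerShell script is an added example that is not part of the original guide. It uses curl.exe, which ships with Windows 10 1803 and later and Windows Server 2019 and later (the PowerShell alias curl points at Invoke-WebRequest, which cannot pin a CA file, so the .exe suffix matters). It assumes the ca.crt path from this guide, the superuser created above, and that ca.crt has not been imported into the Windows certificate store.

```powershell
# Added example (not from the original guide): probe the running node three
# ways and report whether TLS and authentication are actually enforced.
$EsHost = '<host_ip>'                                # or 'localhost'
$CaFile = 'C:\elasticsearch\config\certs\ca.crt'
$User   = '<username>'                               # superuser created above
$Secure = Read-Host -Prompt "Password for $User" -AsSecureString
$Plain  = [System.Net.NetworkCredential]::new('', $Secure).Password
$Base   = "https://${EsHost}:9200"

# Runs curl.exe and returns its exit code, the HTTP status and the body.
# --ssl-no-revoke is needed with the Schannel build of curl that Windows ships:
# a private CA publishes no CRL/OCSP endpoint, and without the flag the
# handshake is reported as a revocation-check failure instead of succeeding.
function Invoke-EsProbe {
    param([string]$Url, [string[]]$Extra = @())
    $out  = @(& curl.exe -s --ssl-no-revoke -w '\n%{http_code}' @Extra $Url)
    $exit = $LASTEXITCODE
    if ($exit -ne 0 -or $out.Count -eq 0) {
        return @{ Exit = $exit; Http = 0; Body = '' }
    }
    $http = [int]$out[-1]
    $body = if ($out.Count -gt 1) { $out[0..($out.Count - 2)] -join "`n" } else { '' }
    return @{ Exit = $exit; Http = $http; Body = $body }
}

$ok = $true

# 1. Without the CA file, curl must refuse the server certificate (non-zero
#    exit, typically 60 "peer certificate cannot be authenticated"). Success
#    here would mean the node is not presenting a certificate from your CA,
#    or that the CA has been trusted system-wide.
$r = Invoke-EsProbe "$Base/"
if ($r.Exit -ne 0 -and $r.Http -eq 0) { Write-Host "OK   : certificate from an untrusted CA is rejected (curl exit $($r.Exit))" }
else { Write-Host "FAIL : expected a TLS failure without --cacert, got exit $($r.Exit) / HTTP $($r.Http)"; $ok = $false }

# 2. With the CA pinned but no credentials, the REST API must answer 401.
$r = Invoke-EsProbe "$Base/" @('--cacert', $CaFile)
if ($r.Exit -eq 0 -and $r.Http -eq 401) { Write-Host 'OK   : handshake with ca.crt succeeds and anonymous access is denied (401)' }
else { Write-Host "FAIL : expected HTTP 401, got exit $($r.Exit) / HTTP $($r.Http)"; $ok = $false }

# 3. With the CA and the superuser, confirm the identity the node sees and the
#    cluster health. The password is passed on curl's command line, which is
#    visible to other local processes; run this from a throwaway session.
$auth = @('--cacert', $CaFile, '-u', "${User}:${Plain}")
$r = Invoke-EsProbe "$Base/_security/_authenticate" $auth
if ($r.Exit -eq 0 -and $r.Http -eq 200) {
    $me = $r.Body | ConvertFrom-Json
    Write-Host "OK   : authenticated as $($me.username), roles [$($me.roles -join ', ')]"
} else { Write-Host "FAIL : authentication failed, exit $($r.Exit) / HTTP $($r.Http)"; $ok = $false }

$r = Invoke-EsProbe "$Base/_cluster/health" $auth
if ($r.Http -eq 200) {
    $h = $r.Body | ConvertFrom-Json
    Write-Host "OK   : cluster '$($h.cluster_name)' reports status $($h.status)"
}

$Plain = $null
if (-not $ok) { Write-Host 'One or more checks failed; review elasticsearch.yml and the certificate files.'; exit 1 }
Write-Host 'TLS and authentication are enforced.'
```

Check 1 is the one most people skip: a node that answers a client which does not trust ca.crt is either presenting a different certificate than expected or the client's trust store has been widened, and neither is visible from a browser that has already accepted the warning. If you later import ca.crt into the Windows store, check 1 will start reporting a failure, which is expected and can then be dropped.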