{"id":8911,"date":"2021-04-30T23:31:10","date_gmt":"2021-04-30T20:31:10","guid":{"rendered":"https:\/\/kifarunix.com\/?p=8911"},"modified":"2024-03-18T22:50:15","modified_gmt":"2024-03-18T19:50:15","slug":"enable-https-connection-between-elasticsearch-nodes","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/enable-https-connection-between-elasticsearch-nodes\/","title":{"rendered":"Enable HTTPS Connection Between Elasticsearch Nodes"},"content":{"rendered":"\n<p>In this tutorial, you will learn how to enable HTTPS connection between Elasticsearch nodes. One of the Elastic security features is to enable encryption between Elasticsearch cluster nodes using HTTPS connection.<\/p>\n\n\n\n<div class=\"wp-block-rank-math-toc-block\" id=\"rank-math-toc\"><h2>Table of Contents<\/h2><nav><ul><li><a href=\"#enabling-https-connection-between-elasticsearch-nodes\">Enabling HTTPS Connection Between Elasticsearch Nodes<\/a><ul><li><a href=\"#generate-elasticsearch-tls-ssl-certificates-on-one-of-the-nodes\">Generate Elasticsearch TLS\/SSL Certificates on One of the Nodes<\/a><ul><li><a href=\"#create-directory-to-store-the-certs-files\">Create directory to store the certs files<\/a><\/li><li><a href=\"#generate-ca-in-pkcs-12-format\">Generate CA in PKCS#12 format<\/a><\/li><li><a href=\"#generate-ca-in-pem-format\">Generate CA in PEM format<\/a><\/li><li><a href=\"#generate-the-certificates-in-pkcs-12-format\">Generate the certificates in PKCS#12 format<\/a><\/li><li><a href=\"#generate-the-certificates-in-pem-format\">Generate the certificates in PEM format<\/a><\/li><\/ul><\/li><li><a href=\"#enable-elasticsearch-security-features-on-all-nodes\">Enable Elasticsearch Security Features on ALL Nodes<\/a><\/li><li><a href=\"#enabling-https-connection-between-elasticsearch-nodes-1\">Enabling HTTPS Connection Between Elasticsearch Nodes<\/a><ul><li><a href=\"#copy-certificates-to-other-elasticsearch-nodes\">Copy Certificates to Other Elasticsearch Nodes<\/a><\/li><li><a href=\"#add-certificate-password-to-elasticsearch-keystore\">Add Certificate Password to Elasticsearch Keystore<\/a><\/li><li><a href=\"#restart-elasticsearch\">Restart Elasticsearch<\/a><\/li><\/ul><\/li><li><a href=\"#create-passwords-for-built-in-elastic-users\">Create Passwords for Built-in Elastic Users<\/a><\/li><li><a href=\"#configure-security-in-kibana\">Configure Security in Kibana<\/a><\/li><li><a href=\"#authenticating-to-kibana-web-interface\">Authenticating to Kibana Web Interface<\/a><\/li><li><a href=\"#reference\">Reference<\/a><\/li><li><a href=\"#other-tutorials\">Other Tutorials<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n\n\n\n<p>If you want to learn how to configure and setup Elasticsearch cluster, check out our previous guide by following the link below;<\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/setup-multi-node-elasticsearch-cluster\/\" target=\"_blank\" rel=\"noreferrer noopener\" class=\"rank-math-link\">Configure Multi-node Elasticsearch Cluster<\/a><\/p>\n\n\n\n<p>See also;<\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/how-to-enable-basic-authentication-on-elk-stack\/\" target=\"_blank\" rel=\"noreferrer noopener\">How to Enable Basic Authentication on ELK Stack<\/a><\/p>\n\n\n\n<p><a class=\"rank-math-link\" href=\"https:\/\/kifarunix.com\/enable-kibana-https-connection\/\" target=\"_blank\" rel=\"noreferrer noopener\">Enable Kibana HTTPS Connection<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"enabling-https-connection-between-elasticsearch-nodes\">Enabling HTTPS Connection Between Elasticsearch Nodes<\/h2>\n\n\n\n<p>Elasticsearch nodes in a cluster communicate via a transport protocol that uses TCP port 9300. Note that the HTTP connection between Elasticsearch and the REST clients such as Kibana, Filebeat communicate via TCP port 9200.<\/p>\n\n\n\n<p>Checking our Cluster nodes;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>curl -XGET es-node-01.kifarunix-demo.com:9200\/_cat\/nodes?v<\/code><\/pre>\n\n\n\n<pre class=\"scroll-sz\"><code>\nip            heap.percent ram.percent cpu load_1m load_5m load_15m node.role  master name\n192.168.59.19           29          84   1    1.90    1.31     1.06 cdhilmrstw *      es-node-03\n192.168.59.17           48          86   2    1.49    1.46     1.17 cdhilmrstw -      es-node-01\n192.168.59.18           22          84   1    1.61    1.35     1.14 cdhilmrstw -      es-node-02\n<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"generate-elasticsearch-tls-ssl-certificates-on-one-of-the-nodes\">Generate Elasticsearch TLS\/SSL Certificates on One of the Nodes<\/h3>\n\n\n\n<p>You need to generate x509 TLS\/SSL certificates to enable you encrypt communication between nodes.<\/p>\n\n\n\n<p>You can generate the TLS certs and key using <strong><code>elasticsearch-certutil <\/code><\/strong>tool.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"create-directory-to-store-the-certs-files\">Create directory to store the certs files<\/h4>\n\n\n\n<p>On <strong>ALL the nodes<\/strong>, run the command below to create a directory to store the certificate files.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">mkdir \/etc\/elasticsearch\/certs\/<\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"generate-ca-in-pkcs-12-format\">Generate CA in PKCS#12 format<\/h4>\n\n\n\n<p>The command below generates a CA certificate and private key and store it it under the directory created above under the name <code><strong>elk-cluster-ca.p12<\/strong><\/code>, in PKCS12 format.<\/p>\n\n\n\n<p>The command will also prompt you to enter the password for securing the CA file. <strong>We use an empty password by just pressing ENTER in this setup<\/strong>.<\/p>\n\n\n\n<pre class=\"scroll-sz\"><code>\/usr\/share\/elasticsearch\/bin\/elasticsearch-certutil ca \\\n\t--out \/etc\/elasticsearch\/certs\/elk-cluster-ca.p12 \\\n\t--days 3650\n<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"generate-ca-in-pem-format\">Generate CA in PEM format<\/h4>\n\n\n\n<p>If you want to generate the CA in PEM format, run the command below. The command generates a zip file containing individual files for the CA certificate and private key.<\/p>\n\n\n\n<pre class=\"scroll-sz\"><code>\/usr\/share\/elasticsearch\/bin\/elasticsearch-certutil ca \\\n\t--pem \\\n\t--out \/etc\/elasticsearch\/certs\/elk-cluster-ca.zip \\\n\t--days 3650\n<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"generate-the-certificates-in-pkcs-12-format\">Generate the certificates in PKCS#12 format<\/h4>\n\n\n\n<p>By default the command generates a single output file which contains:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>a certificate,<\/li>\n\n\n\n<li>private key<\/li>\n\n\n\n<li>the CA certificate.<\/li>\n<\/ul>\n\n\n\n<p>It also prompts for the CA password (if you set the password above, otherwise press enter to use blank password) and the certificate password.<\/p>\n\n\n\n<pre class=\"scroll-sz\"><code>\/usr\/share\/elasticsearch\/bin\/elasticsearch-certutil cert \\\n\t--ca \/etc\/elasticsearch\/certs\/elk-cluster-ca.p12 \\\n\t--out \/etc\/elasticsearch\/certs\/elk-cluster-cert.p12 \\\n\t--days 3650\n<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"generate-the-certificates-in-pem-format\">Generate the certificates in PEM format<\/h4>\n\n\n\n<p>To generate the certificates in PEM format, unzip the CA cert and key files;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">unzip \/etc\/elasticsearch\/certs\/elk-cluster-ca.zip -d \/etc\/elasticsearch\/certs\/<\/pre>\n\n\n\n<p>Next, generate the certificates in PEM format;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\/usr\/share\/elasticsearch\/bin\/elasticsearch-certutil cert \\\n\t--pem \\\n\t--ca-cert \/etc\/elasticsearch\/certs\/ca\/ca.crt \\\n\t--ca-key \/etc\/elasticsearch\/certs\/ca\/ca.key \\\n\t--days 3650 \\\n\t--out \/etc\/elasticsearch\/certs\/elk-cluster-cert.zip\n<\/code><\/pre>\n\n\n\n<p>Unzip the files;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">unzip \/etc\/elasticsearch\/certs\/elk-cluster-cert.zip  -d \/etc\/elasticsearch\/certs\/<\/pre>\n\n\n\n<p>Set the ownership of the certificate files to <strong>elasticsearch<\/strong> user.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">chown -R elasticsearch: \/etc\/elasticsearch\/certs\/<\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"enable-elasticsearch-security-features-on-all-nodes\">Enable Elasticsearch Security Features on ALL Nodes<\/h3>\n\n\n\n<p>The default installation of Elasticsearch uses basic license which comes with security features disabled by default.<\/p>\n\n\n\n<p>To enable Elasticsearch security features, set the value for <code><strong>xpack.security.enabled<\/strong><\/code> to <strong>true<\/strong> by running the command below in <strong>every node<\/strong> in the Elasticsearch cluster.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">echo \"xpack.security.enabled: true\" &gt;&gt; \/etc\/elasticsearch\/elasticsearch.yml<\/pre>\n\n\n\n<p>Similarly, you need to enable Elasticsearch node transport SSL\/TLS settings;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">echo \"xpack.security.transport.ssl.enabled: true\" &gt;&gt; \/etc\/elasticsearch\/elasticsearch.yml<\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"enabling-https-connection-between-elasticsearch-nodes-1\">Enabling HTTPS Connection Between Elasticsearch Nodes<\/h3>\n\n\n\n<p>Once the above is done, you need to specify path to the certificate files generated above.<\/p>\n\n\n\n<p>If you used the <strong>PKCS#12 format<\/strong>, enter the following lines in <strong><code>elasticsearch.yml<\/code><\/strong> file on every node in Elasticsearch.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>xpack.security.transport.ssl.verification_mode: certificate \nxpack.security.transport.ssl.keystore.path: certs\/elk-cluster-cert.p12 \nxpack.security.transport.ssl.truststore.path: certs\/elk-cluster-cert.p12<\/code><\/pre>\n\n\n\n<p>If you are using the <strong>PEM files<\/strong>, then enter the lines below in <strong><code>elasticsearch.yml<\/code><\/strong> file on every node in Elasticsearch.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>xpack.security.transport.ssl.verification_mode: certificate\nxpack.security.transport.ssl.key: certs\/instance\/instance.key\nxpack.security.transport.ssl.certificate: certs\/instance\/instance.crt\nxpack.security.transport.ssl.certificate_authorities: certs\/ca\/ca.crt<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"copy-certificates-to-other-elasticsearch-nodes\">Copy Certificates to Other Elasticsearch Nodes<\/h4>\n\n\n\n<p>Before you can start Elasticsearch on other nodes, ensure that you have copied the certificates;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>for i in node02 node03; do rsync -avP \/etc\/elasticsearch\/certs root@$i:\/etc\/elasticsearch\/; done<\/code><\/pre>\n\n\n\n<p>Set the ownership of the certificate files to <strong>elasticsearch<\/strong> user.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>chown -R elasticsearch: \/etc\/elasticsearch\/certs\/<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"add-certificate-password-to-elasticsearch-keystore\">Add Certificate Password to Elasticsearch Keystore<\/h4>\n\n\n\n<p>If you secured your certificates with a password, you need to add the password to the Elasticsearch keystore <strong>on all the cluster nodes.<\/strong><\/p>\n\n\n\n<p>If you used the certificates in PKCS#12 format, run the commands below to add the certificate password to the keystore:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>\/usr\/share\/elasticsearch\/bin\/elasticsearch-keystore add \\\nxpack.security.transport.ssl.truststore.secure_password<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>\/usr\/share\/elasticsearch\/bin\/elasticsearch-keystore add \\\nxpack.security.transport.ssl.keystore.secure_password<\/code><\/pre>\n\n\n\n<p>If you used the certificates in PEM format, use the command below to add the certificate key to keystore:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>\/usr\/share\/elasticsearch\/bin\/elasticsearch-keystore add \\\nxpack.security.transport.ssl.secure_key_passphrase<\/code><\/pre>\n\n\n\n<h4 class=\"wp-block-heading\" id=\"restart-elasticsearch\">Restart Elasticsearch<\/h4>\n\n\n\n<p>Next, restart Elasticsearch service to effect the changes;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">systemctl restart elasticsearch<\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"create-passwords-for-built-in-elastic-users\">Create Passwords for Built-in Elastic Users<\/h3>\n\n\n\n<p>When you enable basic Elastic security features, you need to set the passwords for the built-in Elasticsearch users especially the <strong>elastic<\/strong> and <strong>kibana_system<\/strong> users to enable you run the REST queries.<\/p>\n\n\n\n<p>Take for example, you want to check the nodes in the cluster by running the command;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>curl -XGET es-node-01.kifarunix-demo.com:9200\/_cat\/nodes?pretty \\\n\t--cacert \/etc\/elasticsearch\/certs\/elk-cluster-ca.p12<\/code><\/pre>\n\n\n\n<p>Sample output;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\n{\n  \"error\" : {\n    \"root_cause\" : [\n      {\n        \"type\" : \"security_exception\",\n        \"reason\" : \"missing authentication credentials for REST request [\/_cat\/nodes?pretty]\",\n        \"header\" : {\n          \"WWW-Authenticate\" : \"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\"\n        }\n      }\n    ],\n    \"type\" : \"security_exception\",\n    \"reason\" : \"missing authentication credentials for REST request [\/_cat\/nodes?pretty]\",\n    \"header\" : {\n      \"WWW-Authenticate\" : \"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\"\n    }\n  },\n  \"status\" : 401\n}\n<\/code><\/pre>\n\n\n\n<p>Passwords can be randomly generated or can be manually set using <strong><code>elasticsearch-setup-passwords<\/code><\/strong> utility.<\/p>\n\n\n\n<p><strong>You can only run the password creation ONCE on any node in the cluster<\/strong>.<\/p>\n\n\n\n<p>To automatically generate random passwords for built-in Elastic users, run the command;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">\/usr\/share\/elasticsearch\/bin\/elasticsearch-setup-passwords auto<\/pre>\n\n\n\n<p>When the command runs, confirm the process.<\/p>\n\n\n\n<p>Sample output;<\/p>\n\n\n\n<pre class=\"scroll-box\"><code>\nChanged password for user apm_system\nPASSWORD apm_system = eXvv3x7zs9O7qbYgMvLW\n\nChanged password for user kibana_system\nPASSWORD kibana_system = mLhDnalWA8yPpPuE0GFB\n\nChanged password for user kibana\nPASSWORD kibana = mLhDnalWA8yPpPuE0GFB\n\nChanged password for user logstash_system\nPASSWORD logstash_system = p4nAxkl1MGss7VU18TzT\n\nChanged password for user beats_system\nPASSWORD beats_system = L1Xm8xnUM7yKAfBAR3Nx\n\nChanged password for user remote_monitoring_user\nPASSWORD remote_monitoring_user = uNHAxTVX0LSXwnX54hzr\n\nChanged password for user elastic\nPASSWORD elastic = o8u1zQm93o5Py3huqqt1\n<\/code><\/pre>\n\n\n\n<p>Save the passwords in a place where you can easily retrieve when needed.<\/p>\n\n\n\n<p>In most cases, we will be using the passwords for <strong>elastic<\/strong> and <strong>kibana_system<\/strong> users.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>elastic<\/strong> is a built-in superuser in Elastic stack.<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>kibana_system<\/strong> is the user Kibana uses to connect and communicate with Elasticsearch.<\/li>\n<\/ul>\n\n\n\n<p>For example, you can now specify the username in the curl command ran above.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>curl -XGET es-node-01.kifarunix-demo.com:9200\/_cat\/nodes?pretty \\\n--cacert \/etc\/elasticsearch\/certs\/elk-cluster-ca.p12 -u elastic<\/code><\/pre>\n\n\n\n<p>Enter the password generated above for <strong>elastic<\/strong> user.<\/p>\n\n\n\n<p>Sample output;<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>192.168.59.17 19 75 1 0.23 0.37 0.58 cdhilmrstw - es-node-01\n192.168.59.18 53 73 0 0.01 0.26 0.62 cdhilmrstw * es-node-02\n192.168.59.19 42 73 0 0.04 0.28 0.62 cdhilmrstw - es-node-03<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"configure-security-in-kibana\">Configure Security in Kibana<\/h3>\n\n\n\n<p>There are some internal requests that Kibana makes to Elasticsearch. Since you have enabled HTTPS Elasticsearch authentication, such requests that Kibana makes, also need to be authenticated. Credentials for the <strong>kibana_system<\/strong> used can be used in this case ad thus you need to add them to Kibana.<\/p>\n\n\n\n<p>Credentials for the user can be defined in plain text in Kibana configuration file, <strong>kibana.yml<\/strong> or can be added to Kibana keystore.<\/p>\n\n\n\n<p>The credentials were generated above.<\/p>\n\n\n\n<p>To add the credentials in Kibana configuration file, enter the lines in the <strong>kibana.yml<\/strong>.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>vim \/etc\/kibana\/kibana.yml<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-code\"><code>elasticsearch.username: \"kibana_system\"\nelasticsearch.password: \"mLhDnalWA8yPpPuE0GFB\"<\/code><\/pre>\n\n\n\n<p>To add the credentials to the Keystore instead of putting them on <strong><code>\/etc\/kibana\/kibana.yml<\/code><\/strong>, create Kibana keystore and add them as shown below;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>chmod g+w \/etc\/kibana\/<\/code><\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>sudo -u kibana \/usr\/share\/kibana\/bin\/kibana-keystore create<\/code><\/pre>\n\n\n\n<p>Add the user, kibana_system:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>sudo -u kibana \/usr\/share\/kibana\/bin\/kibana-keystore add elasticsearch.username<\/code><\/pre>\n\n\n\n<p>Add the password:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>sudo -u kibana \/usr\/share\/kibana\/bin\/kibana-keystore add elasticsearch.password<\/code><\/pre>\n\n\n\n<p>Restart Kibana Service<\/p>\n\n\n\n<p>Next, restart Kibana service;<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>systemctl restart kibana<\/code><\/pre>\n\n\n\n<p>You can also check our guide on how to enable Kibana HTTPS connection.<\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/enable-kibana-https-connection\/\">Quick Way to Enable Kibana HTTPS Connection<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"authenticating-to-kibana-web-interface\">Authenticating to Kibana Web Interface<\/h3>\n\n\n\n<p>Once you enable Security features, you will be required to authenticate with a valid user before you can access Kibana web interface.<\/p>\n\n\n\n<p>In this setup, you can use the Elastic superuser created above, <strong>elastic<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1289\" height=\"716\" src=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/05\/kibana-elastic-authentication.png\" alt=\"\" class=\"wp-image-8943\" title=\"\" srcset=\"https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/05\/kibana-elastic-authentication.png?v=1622383770 1289w, https:\/\/kifarunix.com\/wp-content\/uploads\/2021\/05\/kibana-elastic-authentication-768x427.png?v=1622383770 768w\" sizes=\"(max-width: 1289px) 100vw, 1289px\" \/><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"reference\">Reference<\/h3>\n\n\n\n<p><a href=\"https:\/\/www.elastic.co\/guide\/en\/elasticsearch\/reference\/current\/configuring-tls.html\" target=\"_blank\" rel=\"noreferrer noopener\" class=\"rank-math-link\">Configuring TLS in Elasticsearch<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"other-tutorials\">Other Tutorials<\/h3>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/integrate-wazuh-manager-with-elk-stack\/\">Integrate Wazuh Manager with ELK Stack<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/configure-elk-stack-alerting-with-elastalert\/\">Configure ELK Stack Alerting with ElastAlert<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/kifarunix.com\/monitor-linux-system-metrics-with-elk-stack\/\">Monitor Linux System Metrics with ELK Stack<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In this tutorial, you will learn how to enable HTTPS connection between Elasticsearch nodes. One of the Elastic security features is to enable encryption between<\/p>\n","protected":false},"author":3,"featured_media":8944,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[72,910,121,34],"tags":[3595,1853,3592,3596,3599,3594,3591,3609,3597,3574,3598],"class_list":["post-8911","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-monitoring","category-elastic-stack","category-howtos","category-security","tag-configure-elasticsearch-https","tag-elastic","tag-elasticsearch-cluster-https","tag-elasticsearch-https","tag-elasticsearch-certutil","tag-elk-https","tag-enable-elasticsearch-https","tag-enable-tls-for-elasticsearch","tag-https-in-elasticsearch","tag-kibana-https","tag-kibana_system","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","resize-featured-image"],"_links":{"self":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/8911"}],"collection":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/comments?post=8911"}],"version-history":[{"count":20,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/8911\/revisions"}],"predecessor-version":[{"id":21830,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/posts\/8911\/revisions\/21830"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media\/8944"}],"wp:attachment":[{"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/media?parent=8911"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/categories?post=8911"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kifarunix.com\/wp-json\/wp\/v2\/tags?post=8911"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}