SSL Encrypted Transmission Configuration

Scenario

This section describes how to enable and disable SSL encryption for Transport and HTTP for Elasticsearch in security mode. After the cluster is installed, SSL is enabled for Transport and HTTP by default. This operation is not involved in normal mode.

• Disabling SSL encryption may pose security risks. Exercise caution when performing this operation. If the configuration is incorrect, the service cannot be accessed.
• Ensure that the values of the configuration items ELASTICSEARCH_SECURITY_ENABLE, SECURITY_SSL_HTTP_ENABLE, and SECURITY_SSL_TRANSPORT_ENABLE are the same. Otherwise, the service may fail to be accessed.

Impact on the System

After the configuration is changed, you need to restart all instances. During the restart, the instances cannot provide services.

Prerequisites

Elasticsearch has been installed in the cluster.

Parameter Configuration

Configure SSL encryption for Transport

1. Log in to Manager.
2. Choose Cluster > Name of the desired cluster > Services > Elasticsearch > Configurations > All Configurations.
3. Search for the SECURITY_SSL_TRANSPORT_ENABLE parameter.
   • To disable SSL encryption, set this parameter to false and go to 4.
   • To enable SSL encryption, set this parameter to true and go to 4.

4. Save the configuration and restart all Elasticsearch services.

Configure SSL encryption for HTTP

1. Log in to Manager.
2. Choose Cluster > Name of the desired cluster > Services > Elasticsearch > Configurations > All Configurations.
3. Search for the SECURITY_SSL_HTTP_ENABLE parameter.
   • To disable SSL encryption, set this parameter to false and go to 4.
   • To enable SSL encryption, set this parameter to true and go to 4.

4. Save the configuration and restart all Elasticsearch services.