Tutorial: Encrypting communicationsedit

When you enable Elasticsearch security features, unless you have a trial license, you must use Transport Layer Security (TLS) to encrypt internode communication. In this tutorial, you learn how to meet the minimum requirements to pass the TLS bootstrap check.

Note

Single-node clusters that use a loopback interface do not have this requirement.

Before you beginedit

Ideally, you should do this tutorial only after you complete the Getting started with the Elastic Stack and Getting started with security tutorials. At a minimum, you must:

  1. Install and configure Elasticsearch and Kibana in a cluster with a single Elasticsearch node, as described in Getting started with the Elastic Stack. In particular, this tutorial provides instructions that work with the zip and tar.gz packages.
  2. Verify that you are using a license that includes the encrypted communications security features. To view your license in Kibana, go to Management and click License Management.

    By default, when you install Elastic Stack products, they apply basic licenses with no expiration dates. To complete this tutorial, you must have a basic or trial license at a minimum. For more information, see https://www.elastic.co/subscriptions and License management.

  3. Enable the Elasticsearch security features.
  4. Create passwords for built-in users.
  5. Add the built-in user to Kibana.
  6. Stop Kibana. The method for starting and stopping Kibana varies depending on how you installed it. For example, if you installed Kibana from an archive distribution (.tar.gz or .zip), stop it by entering Ctrl-C on the command line. See Starting and stopping Kibana.
  7. Stop Elasticsearch. For example, if you installed Elasticsearch from an archive distribution, enter Ctrl-C on the command line. See Stopping Elasticsearch.