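As a beginner, I ran into the following security-related questions while learning. I would appreciate help from the experts here. Thank you!
1. Elasticsearch has TLS and HTTPS security enabled and starts without errors. I want to verify with curl that it started successfully, but I get an error, shown here: curl error: Problem with the SSL CA cert (path access rights?). How should I verify it once encryption is enabled?
This is how I verify it: curl -u elastic:E12345 --cacert ca.crt --capath /opt/elk/elasticsearch-6.2.4/config/ -XGET https://192.168.10.106:9200
The Elasticsearch configuration is as follows: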
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.key: /opt/elk/elasticsearch-6.2.4/config/Node-Test-CA.key
xpack.security.transport.ssl.certificate: /opt/elk/elasticsearch-6.2.4/config/Node-Test-CA.crt
xpack.security.transport.ssl.certificate_authorities: [ "/opt/elk/elasticsearch-6.2.4/config/ca.crt" ]
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.key: /opt/elk/elasticsearch-6.2.4/config/Node-Test-CA.key
xpack.security.http.ssl.certificate: /opt/elk/elasticsearch-6.2.4/config/Node-Test-CA.crt
xpack.security.http.ssl.certificate_authorities: [ "/opt/elk/elasticsearch-6.2.4/config/ca.crt" ]
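The X-Pack license is: mode [basic] - valid
2. How do I encrypt Kibana communication? The official documentation says to generate a server certificate for Kibana. How is the server certificate generated, and where do server.key and server.crt come from? People online say to create them with openssl, but I don't quite understand it. Please advise.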
server.ssl.enabled: true
server.ssl.key: /path/to/your/server.key
server.ssl.certificate: /path/to/your/server.crt
Also, where does cacert.pem come from? Is it the CA certificate file created by elastic? (ca.zip?)
elasticsearch.ssl.certificateAuthorities: /path/to/your/cacert.pem
Because of the Kibana configuration error, it always reports an error on startup. Please advise, thank you!
2 replies
yuyaguo
包包大人
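2. server.ssl.certificate is the CA certificate in PEM format; server.ssl.key is the certificate key
3. How to generate it: elasticsearch\bin\elasticsearch-certutil cert --pem
The generated package contains .crt and .key files
4. Enable authentication in Kibana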
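
Added example, not part of the original posts: curl reports the error quoted in the question when it cannot load the file given to --cacert, and a relative name such as ca.crt is resolved against the current working directory. The script below shows pre-flight checks for the CA file, the certificate chain and the IP subjectAltName; the function names are hypothetical and the certificates are constructed throwaway samples.

```bash
# Pre-flight checks before the curl test (function names are hypothetical).

# check_ca_file FILE -> 0 ok, 1 missing, 2 not readable by this user, 3 no PEM cert
check_ca_file() {
    [ -e "$1" ] || return 1
    [ -r "$1" ] || return 2
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" || return 3
}

# verify_chain CA_FILE NODE_CERT -> 0 if the node certificate chains to the CA
verify_chain() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# cert_has_ip NODE_CERT IP -> 0 if IP is a subjectAltName of the certificate;
# curl checks this when the URL uses an IP such as https://192.168.10.106:9200
cert_has_ip() {
    openssl x509 -in "$1" -noout -text | grep -qwF "IP Address:$2"
}

# make_demo_pki DIR: constructed throwaway CA and node certificate (sample input)
make_demo_pki() {
    ( cd "$1" &&
      openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
          -subj "/CN=Constructed Demo CA" -keyout ca.key -out ca.crt &&
      openssl req -newkey rsa:2048 -nodes -subj "/CN=node" \
          -keyout node.key -out node.csr &&
      printf 'subjectAltName=IP:192.168.10.106\n' > san.ext &&
      openssl x509 -req -in node.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
          -days 1 -extfile san.ext -out node.crt ) >/dev/null 2>&1
}

# Demo on constructed files in a temp directory; no real cluster is contacted.
tmp=$(mktemp -d)
make_demo_pki "$tmp" &&
    check_ca_file "$tmp/ca.crt" &&
    verify_chain "$tmp/ca.crt" "$tmp/node.crt" &&
    cert_has_ip "$tmp/node.crt" 192.168.10.106 &&
    echo "pre-flight OK"
```

Once the same checks pass for the real files, the CA can be passed by absolute path, for example `curl --cacert /opt/elk/elasticsearch-6.2.4/config/ca.crt -u elastic https://192.168.10.106:9200`.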