Step-by-Step Guide to Secure Elasticsearch with SSL Certs and Authentication
This detailed article will show you how to secure Elasticsearch on Ubuntu 20.04 using X-Pack and SSL/TLS encryption.
Step 1: Install your desired version of Elasticsearch
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.15.0-amd64.deb
wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.15.0-amd64.deb.sha512
shasum -a 512 -c elasticsearch-8.15.0-amd64.deb.sha512
sudo dpkg -i elasticsearch-8.15.0-amd64.deb
Step 2: Enable X-Pack security
sudo nano /etc/elasticsearch/elasticsearch.yml
Open the Elasticsearch configuration file for editing.
Uncomment the line xpack.security.enabled: true by removing the # at the beginning. Save the changes and exit the text editor.
Step 3: Generate SSL certificates
sudo mkdir /etc/elasticsearch/certs
sudo apt install openssl
sudo openssl req -x509 -out /etc/elasticsearch/certs/elastic1.crt -keyout /etc/elasticsearch/certs/elastic1.key -newkey rsa:2048 -nodes -sha256 -subj "/C=US/ST=State/L=Location/O=Organization/OU=Organizational Unit/CN=localhost"
sudo openssl pkcs12 -export -in /etc/elasticsearch/certs/elastic1.crt -inkey /etc/elasticsearch/certs/elastic1.key -out /etc/elasticsearch/certs/elastic1.p12 -name "elasticsearch-cert"
sudo chown -R elasticsearch:elasticsearch /etc/elasticsearch/certs
sudo chmod 0400 /etc/elasticsearch/certs/*
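- This step generates a self-signed SSL certificate using OpenSSL and converts it to PKCS#12 format. The pkcs12 export prompts for an export password; if you set one, store it in the Elasticsearch keystore (xpack.security.transport.ssl.keystore.secure_password and xpack.security.transport.ssl.truststore.secure_password) so the node can open the file.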
Step 4: Configure SSL settings
sudo nano /etc/elasticsearch/elasticsearch.yml
Open the Elasticsearch configuration file for editing.
Add the following lines at the end of the file to configure SSL settings:
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.keystore.path: /etc/elasticsearch/certs/elastic1.p12
xpack.security.transport.ssl.truststore.path: /etc/elasticsearch/certs/elastic1.p12
- Save the changes and exit the text editor.
Step 5: Restart Elasticsearch
sudo systemctl restart elasticsearch
- This step restarts Elasticsearch to apply the configuration changes.
Step 6: Verify SSL/TLS encryption
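sudo curl --cacert /etc/elasticsearch/certs/elastic1.crt https://localhost:9200
- This command tests the SSL/TLS connection using curl to verify that the SSL/TLS encryption is working properly. curl's --cacert option expects a PEM file, so it points at elastic1.crt rather than the PKCS#12 bundle, and sudo is needed because Step 3 restricts the certificate files to the elasticsearch user. Port 9200 is the HTTP layer, which the transport settings from Step 4 do not cover; the request succeeds over HTTPS only when xpack.security.http.ssl is enabled with this certificate as well.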
Step 7: Configure user authentication and roles
sudo /usr/share/elasticsearch/bin/elasticsearch-setup-passwords auto
This step sets the password for the built-in elastic user. Make sure to save the generated password. Configure additional users and roles as needed using the elasticsearch-users command.
Step 8: Update firewall rules
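If you have a firewall enabled, allow incoming connections to the Elasticsearch HTTP port (default: 9200) and the transport port used for node-to-node traffic (default: 9300) to ensure external access. Port 9300 only needs to be reachable from the other nodes of the cluster.
For example, using the ufw firewall: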
sudo ufw allow 9200/tcp
sudo ufw allow 9300/tcp
- Adjust the commands based on your specific firewall configuration.
By following these steps, you should be able to secure Elasticsearch using X-Pack with SSL/TLS encryption on Ubuntu 20.04. Remember to adjust any file paths or configurations according to your specific requirements.
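A configuration check for Steps 2 to 4, as an added example that is not part of the original article: it reads the flat dotted keys this guide writes to elasticsearch.yml and checks the file modes set in Step 3. The function names, the scratch directory and the empty placeholder keystore are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit elasticsearch.yml and the certificate directory against
# this guide's settings. Handles flat dotted keys only, as written in Step 4.

# yml_value FILE KEY: print the value of the first uncommented "KEY: value" line
yml_value() {
    key=$(printf '%s' "$2" | sed 's/\./\\./g')   # match dots literally
    sed -n "s/^[[:space:]]*$key:[[:space:]]*//p" "$1" | sed 's/[[:space:]]*$//' | head -n 1
}

fail() { echo "FINDING: $*"; findings=$((findings + 1)); }

# audit_es_config YML CERTDIR: one line per finding; exit status = finding count
audit_es_config() {
    yml=$1; certdir=$2; findings=0
    for k in xpack.security.enabled xpack.security.transport.ssl.enabled; do
        [ "$(yml_value "$yml" "$k")" = "true" ] || fail "$k is not set to true"
    done
    for store in keystore truststore; do
        path=$(yml_value "$yml" "xpack.security.transport.ssl.$store.path")
        [ -n "$path" ] && [ -f "$path" ] || fail "transport $store not found: '$path'"
    done
    # Step 6 queries https://localhost:9200, which is the HTTP layer
    [ "$(yml_value "$yml" xpack.security.http.ssl.enabled)" = "true" ] ||
        fail "xpack.security.http.ssl.enabled is not true (port 9200 is HTTP, not transport)"
    # Step 3 sets 0400; accept only owner-only modes on key material
    loose=$(find "$certdir" -type f ! -perm 0400 ! -perm 0600)
    [ -z "$loose" ] || fail "files with a mode other than 0400/0600: $loose"
    return "$findings"
}

# Constructed sample: Step 2 and Step 4 settings in a scratch directory,
# with an empty placeholder file standing in for elastic1.p12
demo=$(mktemp -d)
mkdir "$demo/certs"
: > "$demo/certs/elastic1.p12"
chmod 0400 "$demo/certs/elastic1.p12"
cat > "$demo/elasticsearch.yml" <<EOF
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.keystore.path: $demo/certs/elastic1.p12
xpack.security.transport.ssl.truststore.path: $demo/certs/elastic1.p12
EOF
audit_es_config "$demo/elasticsearch.yml" "$demo/certs" || echo "$? finding(s)"
```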
Written by
Purvesh Panchal