- X-Pack Reference for 6.0-6.2 and 5.x:
- Introduction
- Setting Up X-Pack
- Breaking Changes
- X-Pack APIs
- Graphing Connections in Your Data
- Profiling your Queries and Aggregations
- Reporting from Kibana
- Securing Elasticsearch and Kibana
- Monitoring the Elastic Stack
- Alerting on Cluster and Index Events
- Machine Learning in the Elastic Stack
- Troubleshooting
- Getting Help
- X-Pack security
- Can’t log in after upgrading to 6.1.4
- Some settings are not returned via the nodes settings API
- Authorization exceptions
- Users command fails due to extra arguments
- Users are frequently locked out of Active Directory
- Certificate verification fails for curl on Mac
- SSLHandshakeException causes connections to fail
- Common SSL/TLS exceptions
- Internal Server Error in Kibana
- Setup-passwords command fails due to connection failure
- X-Pack Watcher
- X-Pack monitoring
- X-Pack machine learning
- Limitations
- License Management
- Release Notes
WARNING: Version 6.1 of the Elastic Stack has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
Setting Up TLS on a Cluster
editSetting Up TLS on a Cluster
editX-Pack security enables you to encrypt traffic to, from, and within your Elasticsearch cluster. Connections are secured using Transport Layer Security (TLS), which is commonly referred to as "SSL".
Clusters that do not have encryption enabled send all data in plain text including passwords and will not be able to install a license that enables X-Pack security.
The following steps describe how to enable encryption across the various components of the Elastic Stack. You must perform each of the steps that are applicable to your cluster.
- Generate a private key and X.509 certificate for each of your Elasticsearch nodes. See Generating Node Certificates.
- Configure each node in the cluster to identify itself using its signed certificate and enable TLS on the transport layer. You can also optionally enable TLS on the HTTP layer. See Enabling TLS on Elasticsearch Nodes.
- Configure X-Pack monitoring to use encrypted connections. See Monitoring and Security.
- Configure Kibana to encrypt communications between the browser and the Kibana server and to connect to Elasticsearch via HTTPS. See Configuring Security in Kibana.
- Configure Logstash to use TLS encryption. See Configuring Security in Logstash.
- Configure Beats to use encrypted connections. See Beats and Security.
- Configure the Java transport client to use encrypted communications. See Java Client and Security.
- Configure Elasticsearch for Apache Hadoop to use secured transport. See Elasticsearch for Apache Hadoop Security.