Skip to main content
Skip table of contents

Configuring SSL for Shinydocs Indexer

Requirements

  • Elasticsearch & Kibana Free Tier (non-oss)

  • Either:

    • .pk12 SSL certificate (preferred)

    • Generate a self-signed certificate with Elasticsearch

Steps for existing PK12 certificate

  1. Create a folder called “certs” in ..\indexer\config\

    1. You should now have the path ..\indexer\config\certs

  2. Add the following to elasticsearch.yml
    Replace elastic-certificates.p12 with the organizations .p12 file

    CODE 
    xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: certs/elastic-certificates.p12 
xpack.security.http.ssl.truststore.path: certs/elastic-certificates.p12

  3. If the certificate has a password:

    1. Open CMD

    2. Use the cd command to navigate into ..\indexer\bin

    3. Run the following two commands, and provide the password each time

      CODE 
      elasticsearch-keystore.bat add xpack.security.http.ssl.keystore.secure_password
elasticsearch-keystore.bat add xpack.security.http.ssl.truststore.secure_password

  4. Restart Elasticsearch

Steps for generating a self-signed certificate with Elasticsearch

  1. Create a folder called “certs” in ..\indexer\config\

    1. You should now have the path ..\indexer\config\certs

  2. Open CMD and cd to ..\indexer\bin

  3. Run the following to initiate key generation:

    CODE 
    elasticsearch-certutil.bat ca

  4. Provide a name (that ends in .pk12) or press enter to use the default elastic-stack-ca.p12

  5. Enter the desired password for the certificate (optional)

  6. There will be a new file in ..\indexer\bin called elastic-stack-ca.p12, copy that file into ..\indexer\config\certs

  7. Add the following to elasticsearch.yml

    CODE 
    xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: certs/elastic-stack-ca.p12 
xpack.security.http.ssl.truststore.path: certs/elastic-stack-ca.p12

  8. If the certificate has a password:

    1. Open CMD

    2. Use the cd command to navigate into ..\indexer\bin

    3. Run the following command, and provide the password for the key

      CODE 
      elasticsearch-keystore.bat add xpack.security.http.ssl.keystore.secure_password
elasticsearch-keystore.bat add xpack.security.http.ssl.truststore.secure_password

  9. Restart Elasticsearch

Adjust Kibana Config for SSL Elasticsearch

Now that Elasticsearch is on SSL, Kibana’s config will need to be updated to work with HTTPS

  1. Change elasticsearch.hosts URL to https and uncomment the line if commented
    eg. elasticsearch.hosts: ["https://localhost:9200"]

  2. If the certificate is self-signed, you will need to tell Kibana that it is okay to proceed. Modify elasticsearch.ssl.verificationMode to none
    eg. elasticsearch.ssl.verificationMode: none

  3. Restart Kibana

Now that Elasticsearch is on https/SSL, all nodes in the cluster will need to be updated with the cert. You will need to use the same commands for elasticsearch-keystore.bat, and make the same modifications to the elasticsearch.yml files.

If the crawler is on a different machine than the index, you will need to install those certificates on that machine as well.

Reference

https://www.elastic.co/guide/en/elasticsearch/reference/6.8/configuring-tls.html#node-certificates

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close