NOTE: You are looking at documentation for an older release. For the latest information, see the current release documentation.
Tutorial: Encrypting communications
editTutorial: Encrypting communications
editWhen you enable Elasticsearch security features, unless you have a trial license, you must use Transport Layer Security (TLS) to encrypt internode communication. In this tutorial, you learn how to meet the minimum requirements to pass the TLS bootstrap check.
Single-node clusters that use a loopback interface do not have this requirement.
Before you begin
editIdeally, you should do this tutorial only after you complete the Getting started with the Elastic Stack and Getting started with security tutorials. At a minimum, you must:
-
Install and configure Elasticsearch and Kibana in a cluster with a single Elasticsearch node, as
described in
Getting started with the Elastic Stack. In
particular, this tutorial provides instructions that work with the
zip
andtar.gz
packages. -
Verify that you are using a license that includes the encrypted communications security features. To view your license in Kibana, go to Management and click License Management.
By default, when you install Elastic Stack products, they apply basic licenses with no expiration dates. To complete this tutorial, you must have a basic or trial license at a minimum. For more information, see https://www.elastic.co/subscriptions and License management.
- Enable the Elasticsearch security features.
- Create passwords for built-in users.
- Add the built-in user to Kibana.
-
Stop Kibana. The method for starting and stopping Kibana varies depending on
how you installed it. For example, if you installed Kibana from an archive
distribution (
.tar.gz
or.zip
), stop it by enteringCtrl-C
on the command line. See Starting and stopping Kibana. -
Stop Elasticsearch. For example, if you installed Elasticsearch from an archive distribution,
enter
Ctrl-C
on the command line. See Stopping Elasticsearch.