Encrypt the Elasticsearch Client Network

1.5 hours
  • 2 Learning Objectives

About this Hands-on Lab

No matter what technology we are working with, we always need to be mindful of security. Big data platforms are certainly no exception, as they can contain massive amounts of sensitive data that must be protected. Elasticsearch has made securing your cluster very easy with native security configurations and tools to ensure that your data is only accessible to authorized users. In this hands-on lab, you will have the opportunity to encrypt the client network of an Elasticsearch cluster in order to protect the integrity and privacy of API requests between a client and an Elasticsearch node.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Configure client network encryption.

Using the Secure Shell (SSH), log in to each node as cloud_user via the public IP address.

Become the root user with:

sudo su -

Add the following to /etc/elasticsearch/elasticsearch.yml on each node:

xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: certificate.p12
xpack.security.http.ssl.truststore.path: certificate.p12
Restart Elasticsearch.

Restart Elasticsearch with:

systemctl restart elasticsearch

Additional Resources

You are the administrator of a 3-node Elasticsearch cluster which is currently used for ad-hoc analysis of business data by your organization. The cluster has already been secured by encrypting the transport network and enabling user authentication but the organization would like you to enable client network encryption as well so that API requests can be obfuscated from anyone monitoring network traffic.

To accomplish this, you can use the existing PKCS#12 certificate package that is being used to encrypt the transport network to also encrypt the client network. It should be noted that this is a self-signed certificate and so it will not be globally trusted.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?