
Securing Elasticsearch


Hint - TLS encryption

For security reasons, we strongly recommend configuring TLS encryption.

Caution - Minimal Security

The TLS encryption of Elasticsearch requires that the database is protected by user and password. Therefore, the Minimal Security of Elastic Stack must already be activated.


Configuring the TLS Encryption

The TLS encryption of Elasticsearch secures the data transfer from the servers to Elasticsearch via Filebeat and the communication between Kibana and the Elasticsearch database.

The SEAL Elastic Stack installation includes a self-signed TLS certificate. Replace this certificate with your own certificate to secure the connection to Kibana.

  1. Get your own TLS certificate:

    • cert.pem

    • key.pem

  2. On the management server, copy your TLS certificate to the following directory:

    C:\ProgramData\SEAL Systems\config\seal-elasticsearch
    

    Hint - only own directory

    The internal security module of Elasticsearch only allows files to be read from its own configuration directory.

  3. In an editor, open the elasticsearch.yml configuration file:

    C:\ProgramData\SEAL Systems\config\seal-elasticsearch\elasticsearch.yml
    
  4. Add the following lines:

    xpack.security.http.ssl.enabled: true
    xpack.security.http.ssl.key: "${ProgramData}/SEAL Systems/config/seal-elasticsearch/key.pem"
    xpack.security.http.ssl.certificate: "${ProgramData}/SEAL Systems/config/seal-elasticsearch/cert.pem"
    
  5. Save the file and exit.

  6. Restart Elasticsearch:

    start-service seal-elasticsearch
    
  7. Copy the ca.pem certificate to the following directory:

    C:\ProgramData\SEAL Systems\config\tls-external
    

    If Kibana is installed on a different server than the management server, you have to repeat this step on that server.

  8. In an editor, open the kibana.yml configuration file:

    C:\ProgramData\SEAL Systems\config\kibana.yml
    
  9. Activate the following lines and specify the server:

    elasticsearch.hosts: [ "https://<management-server>:9200" ]
    elasticsearch.ssl.certificateAuthorities: [ "${ProgramData}/SEAL Systems/config/tls-external/ca.pem" ]
    

    with <management-server>: FQDN of the server on which Elasticsearch is installed.

  10. Save the file and exit.

  11. Restart Kibana:

    start-service seal-kibana
    
  12. In an editor, open the filebeat.yml configuration file:

    C:\ProgramData\SEAL Systems\config\filebeat.yml
    
  13. In the following line, change the URL of the Elasticsearch server from http:// to https://:

    output:
      elasticsearch:
        hosts:
          # - http://localhost:9200
          - "https://localhost:9200"
    

    all Filebeat installations

    Repeat this step on all servers on which Filebeat is installed.

  14. Filebeat uses Windows system certificates. If the CA certificate has been imported into the Windows system certificate store or has been distributed to all servers, skip this step.

    Otherwise

    1. Copy the ca.pem certificate into the corresponding directory:

      C:\ProgramData\SEAL Systems\config\tls-external\
      
    2. Add the path to th

      output:
        elasticsearch:
          ssl.certificate_authorities: ["C:\\ProgramData\\SEAL Systems\\config\\tls-external\\ca.pem"]
      

    all Filebeat installations

    Repeat this step on all servers on which Filebeat is installed.

  15. Save the file and exit.

  16. Restart Filebeat:

    start-service seal-filebeat
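
To check the result of the procedure, the following added example (not part of the SEAL documentation) performs a TLS handshake against port 9200 and reports whether the presented certificate chains to ca.pem and matches the host name. The function name Test-EsTls and its parameters are assumptions, and ca.pem is assumed to contain a single CA certificate.

```powershell
# Added example, not SEAL code. Test-EsTls and its parameters are hypothetical
# names; ca.pem is assumed to hold exactly one CA certificate.
function Test-EsTls {
    param(
        [Parameter(Mandatory = $true)][string]$EsHost,   # FQDN used in kibana.yml
        [int]$Port = 9200,
        [string]$CaPath = "$env:ProgramData\SEAL Systems\config\tls-external\ca.pem"
    )
    $ca = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CaPath
    $report = [ordered]@{ Endpoint = "${EsHost}:$Port"; Handshake = 'not attempted' }

    # Judge the server certificate against ca.pem only, not the Windows store.
    $check = [System.Net.Security.RemoteCertificateValidationCallback] {
        param($s, $cert, $chain, $errors)
        $leaf = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $cert
        $c = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $c.ChainPolicy.RevocationMode = 'NoCheck'
        $c.ChainPolicy.VerificationFlags = 'AllowUnknownCertificateAuthority'
        [void]$c.ChainPolicy.ExtraStore.Add($ca)
        $built = $c.Build($leaf)   # false for expired or badly signed certificates
        $anchored = [bool]($c.ChainElements |
            Where-Object { $_.Certificate.Thumbprint -eq $ca.Thumbprint })
        $report.Subject = $leaf.Subject
        $report.NotAfter = $leaf.NotAfter
        $report.ChainsToCaPem = $built -and $anchored
        $report.NameMatches = -not $errors.HasFlag(
            [System.Net.Security.SslPolicyErrors]::RemoteCertificateNameMismatch)
        return ($report.ChainsToCaPem -and $report.NameMatches)
    }

    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($EsHost, $Port)
        $stream = $tcp.GetStream()
        $tls = New-Object System.Net.Security.SslStream -ArgumentList @($stream, $false, $check)
        # Request TLS 1.2 explicitly instead of relying on the runtime default.
        $tls.AuthenticateAsClient($EsHost, $null,
            [System.Security.Authentication.SslProtocols]::Tls12, $false)
        $report.Handshake = 'ok'
    } catch {
        # Also reached when the port still answers in plain HTTP or is closed.
        $report.Handshake = "failed: $($_.Exception.Message)"
    } finally {
        $tcp.Close()
    }
    [pscustomobject]$report
}

# Usage: Test-EsTls -EsHost <management-server>
```

A result with Handshake "ok" and both ChainsToCaPem and NameMatches set to True means that Kibana and Filebeat can validate the endpoint with the same ca.pem. No credentials or requests are sent over the connection.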
    
