|
@@ -1,16 +1,15 @@
|
|
|
[[ssl-tls]]
|
|
|
-=== Setting Up TLS on a cluster
|
|
|
+=== Setting up TLS on a cluster
|
|
|
|
|
|
-The {stack} {security-features} enables you to encrypt traffic to, from, and
|
|
|
+The {stack} {security-features} enable you to encrypt traffic to, from, and
|
|
|
within your {es} cluster. Connections are secured using Transport Layer Security
|
|
|
(TLS), which is commonly referred to as "SSL".
|
|
|
|
|
|
WARNING: Clusters that do not have encryption enabled send all data in plain text
|
|
|
-including passwords and will not be able to install a license that enables
|
|
|
-{security-features}.
|
|
|
+including passwords. If the {es} {security-features} are enabled, unless you have a trial license, you must configure SSL/TLS for internode-communication.
|
|
|
|
|
|
The following steps describe how to enable encryption across the various
|
|
|
-components of the Elastic Stack. You must perform each of the steps that are
|
|
|
+components of the {stack}. You must perform each of the steps that are
|
|
|
applicable to your cluster.
|
|
|
|
|
|
. Generate a private key and X.509 certificate for each of your {es} nodes. See
|
|
@@ -22,14 +21,14 @@ enable TLS on the HTTP layer. See
|
|
|
{ref}/configuring-tls.html#tls-transport[Encrypting Communications Between Nodes in a Cluster] and
|
|
|
{ref}/configuring-tls.html#tls-http[Encrypting HTTP Client Communications].
|
|
|
|
|
|
-. Configure {monitoring} to use encrypted connections. See <<secure-monitoring>>.
|
|
|
+. Configure the {monitor-features} to use encrypted connections. See <<secure-monitoring>>.
|
|
|
|
|
|
. Configure {kib} to encrypt communications between the browser and
|
|
|
the {kib} server and to connect to {es} via HTTPS. See
|
|
|
-{kibana-ref}/using-kibana-with-security.html[Configuring Security in {kib}].
|
|
|
+{kibana-ref}/using-kibana-with-security.html[Configuring security in {kib}].
|
|
|
|
|
|
. Configure Logstash to use TLS encryption. See
|
|
|
-{logstash-ref}/ls-security.html[Configuring Security in Logstash].
|
|
|
+{logstash-ref}/ls-security.html[Configuring security in {ls}].
|
|
|
|
|
|
. Configure Beats to use encrypted connections. See <<beats>>.
|
|
|
|