SearchBlox for Elastic Server

Below are the steps to enable SSL for the external Elastic server and integrate it with SearchBlox Onprem version 10.x.

Prerequisites:

To configure SSL in Elasticsearch, a CA certificate, an Elasticsearch node certificate, and an HTTP certificate are mandatory. Ensure the Elastic server is deployed on the server, and stop it if it is already running.

Steps to Generate Self-Signed Elastic Server Certificate:

  1. Open the command prompt and navigate to the /bin folder.

  2. To create a self-signed CA certificate, run the following command (if you have your own CA certificate, you can skip this step):

        elasticsearch-certutil ca

    The elastic-stack-ca.p12 file will be generated inside <elasticsearch-installation-path>/.
    Note: It may ask for the “desired output file” and a “password for the same”. (Optional)

  3. Create a certificate for the Elasticsearch node using the following command:

        elasticsearch-certutil cert --ca elastic-stack-ca.p12
    

    Note: It may ask for the following. Enter a value if you have set one; otherwise just press Enter.

        Enter password for CA (elastic-stack-ca.p12) :
        Please enter the desired output file [elastic-certificates.p12]:
        Enter the password for elastic-certificates.p12 :

  4. Move the generated file into the <elasticsearch-installation-path>/config folder and provide full permissions.

  5. To create a certificate that enables HTTPS communication, run the following command (you need the CA certificate for this step):

        elasticsearch-certutil http

    Note: It may ask the following questions, and you can provide the location of the CA certificate as shown.

        Generate a CSR? [y/N] - press N
        Use an existing CA? [y/N] - press Y
        CA Path: <elasticsearch-installation-path>/elastic-stack-ca.p12

  6. A zip file will be generated at <elasticsearch-installation-path>/elasticsearch-ssl-http.zip

  7. Unzip the file and you will see an “http.p12” file.

  8. Move the generated http.p12 file into the <elasticsearch-installation-path>/config folder and provide full permissions.

  9. Go to <elasticsearch-installation-path>/config, add the following lines to “elasticsearch.yml”, and save it.

        xpack.security.transport.ssl.enabled: true
        xpack.security.transport.ssl.verification_mode: certificate
        xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
        xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
        xpack.security.http.ssl.enabled: true
        xpack.security.http.ssl.keystore.path: "http.p12"
        xpack.security.enabled: true
        xpack.security.http.ssl.verification_mode: certificate

  10. Restart the Elastic server.

  11. Open the command prompt and, from the same /bin path, run the following command:

        elasticsearch-setup-passwords interactive

    Note: This command will generate the passwords for elastic, kibana, apm_system, logstash_system, beats_system, and remote_monitoring_user, so you have to provide a password for each of them. It is better to provide the same password for all.

  12. Go to https://localhost:9200 and check that you can log in:
    Username: elastic
    Password: <newly-generated-password>
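
A check for the elasticsearch.yml lines from the steps above, as an added example (it is not SearchBlox or Elastic code). The names `parse_flat` and `audit` and the `WEAK` sample are constructed for illustration, and the parser assumes settings are written as flat dotted keys, as they are on this page.

```python
import re

# Settings the steps above add to elasticsearch.yml (all under this prefix).
P = "xpack.security."
MUST_BE_TRUE = ["enabled", "transport.ssl.enabled", "http.ssl.enabled"]
STORE_PATHS = ["transport.ssl.keystore.path", "transport.ssl.truststore.path",
               "http.ssl.keystore.path"]
VERIFY_MODES = ["transport.ssl.verification_mode", "http.ssl.verification_mode"]
LINE = re.compile(r"^([A-Za-z0-9_.]+)\s*:\s*(.*)$")

def parse_flat(text):
    """Read flat 'dotted.key: value' lines; return (settings, duplicate keys)."""
    settings, dupes = {}, []
    for raw in text.splitlines():
        m = LINE.match(raw.split(" #", 1)[0].strip())  # drop inline comments
        if not m:
            continue  # blank lines, comment lines, anything not 'key: value'
        key, value = m.group(1), m.group(2).strip().strip("\"'")
        if key in settings:
            dupes.append(key)
        settings[key] = value
    return settings, dupes

def audit(text):
    """Return a list of findings; an empty list means the lines match the steps."""
    settings, dupes = parse_flat(text)
    findings = ["duplicate key: " + k for k in dupes]
    for key in MUST_BE_TRUE:
        if settings.get(P + key, "").lower() != "true":
            findings.append("not enabled: " + P + key)
    for key in STORE_PATHS:
        if not settings.get(P + key, "").lower().endswith(".p12"):
            findings.append("no .p12 store configured: " + P + key)
    for key in VERIFY_MODES:
        # 'none' turns off certificate checks; the steps above use 'certificate'.
        if settings.get(P + key, "").lower() == "none":
            findings.append("certificate verification disabled: " + P + key)
    return findings

# Constructed sample: HTTP TLS switched off and transport verification disabled.
WEAK = """xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: none
xpack.security.http.ssl.enabled: false
"""
```

Run `audit(open("elasticsearch.yml").read())` from the config folder before restarting; each returned string names a setting that differs from the steps above.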

Integrate External Elastic with SearchBlox Onprem 10.x

  1. Make sure the SearchBlox service is stopped before configuring it with the external Elastic server.
  2. Open the searchblox.yml file under the path <SearchBlox_installation_Directory>/webapps/ROOT/WEB-INF
  3. Configure the external Elastic path and port, along with its user credentials if they exist.

        # ===============SearchBlox Elasticsearch Configuration ====================
        searchblox.deployment.type: onPrem
        searchblox.elasticsearch.host: localhost
        searchblox.elasticsearch.port: 9200
        searchblox.elasticsearch.basic.username: elastic
        searchblox.elasticsearch.basic.password: xxxxxxxxx
        es.home: C:\Users\Administrator\Downloads\elasticsearch-7.17.0

  4. Restart the SearchBlox service.