Below are the steps to enable SSL for the external Elastic server and Integrate it with SearchBlox Onprem version 10.x.


To configure SSL in Elasticsearch, CA Certificate, Elasticsearch Node Certificate, and HTTP Certificate are mandatory. Please ensure you have the Elastic Server deployed in the server and stop the server if it is already running.

### Steps to Generate Self-Signed Elastic Server Certificate:

  1. Open the command prompt and navigate to folder _<elasticsearch-installation path>/bin_

  2. To create a self-signed CA certificate run the following command(If you have your own CA certificate you can skip this step):


    elastic-stack-ca.p12 file will be generated inside `<elasticsearch-installation-path>/`. **Note**: It may ask for “desired output file” and “password for the same”. (Optional)

  3. Create a certificate for the ElasticSearch node using the following command:


    **Note**: It may ask for the following, if you have provided it, else just press enter

Enter password for CA (elastic-stack-ca.p12) : Please enter the desired output file [elastic-certificates.p12]: Enter the password for elastic-certificates.p12 :

  1. Move the generated file, inside the `<elasticsearch-installation path>/config` folder and provide full permissions.

  2. Create a certificate to enable HTTPS communication to run the following command: (You need the CA certificate for this step)


    **Note**: It may ask the following questions, and you can provide the location of the CA certificate as shown.

Generate a CSR? [y/N] - press N Use an existing CA? [y/N] - press Y CA Path:<elasticsearch-installation -path>/elastic-stack-ca.p12

  1. Zip file will be generated in `/<elasticsearch-installation-path>/`

  2. Unzip the file and you will be able to see a “http.p12” file.

  3. Move the generated http.p12 file, inside the `<elasticsearch-installation path>/config` folder and provide full permissions.

  4. Go to `<elasticsearch-installation path>/config` and add the following lines in “elasticsearch.yml” and save it.

  1. Restart Elastic Server

  2. Open the command prompt and from the same path <elasticsearch-installation path>/bin Run the following command:


**Note**: This command will generate the passwords for elastic, kibana, apm_system, logstash_system, beats_system, and remote_monitoring_user. So, you have to provide the password for all the above. Better to provide the same password for all.

  1. Go to `https://localhost:9200` and check it. Username: elastic Password:`<newly-generated-password>`

### Integrate External Elastic with SearchBlox Onprem 10.x

  1. Make sure the SearchBlox service is stopped before configuring it with External Elastic Server.

  2. Open the searchblox.yml file under the patch `<SearchBlox_installation_Directory>/webapps/ROOT/WEB-INF`

  3. Configure the External Elastic path, and port, along with its user credentials if exists.

  1. Restart SearchBlox Service.