0
0
ElasticsearchHow-ToBeginner · 3 min read

How to Enable HTTPS in Elasticsearch Securely

To enable HTTPS in Elasticsearch, configure the xpack.security.http.ssl settings in the elasticsearch.yml file by providing your TLS certificate and key paths. Then restart Elasticsearch to apply secure HTTP communication.
📐

Syntax

To enable HTTPS in Elasticsearch, you add SSL/TLS settings under xpack.security.http.ssl in the elasticsearch.yml configuration file.

Key settings include:

  • enabled: Set to true to activate HTTPS.
  • key: Path to your private key file.
  • certificate: Path to your SSL certificate file.
  • certificate_authorities: Path to CA certificate(s) if using a custom CA.
yaml
xpack.security.http.ssl:
  enabled: true
  key: /path/to/your/private.key
  certificate: /path/to/your/certificate.crt
  certificate_authorities: ["/path/to/your/ca.crt"]
💻

Example

This example shows a minimal elasticsearch.yml snippet to enable HTTPS using self-signed certificates stored locally.

yaml
xpack.security.enabled: true
xpack.security.http.ssl:
  enabled: true
  key: /etc/elasticsearch/certs/elasticsearch.key
  certificate: /etc/elasticsearch/certs/elasticsearch.crt
  certificate_authorities: ["/etc/elasticsearch/certs/ca.crt"]
Output
Elasticsearch starts successfully with HTTPS enabled on port 9200.
⚠️

Common Pitfalls

Common mistakes when enabling HTTPS in Elasticsearch include:

  • Incorrect file paths for certificates or keys causing startup failures.
  • Using certificates without the proper permissions for Elasticsearch to read.
  • Not enabling xpack.security.enabled, which is required for HTTPS.
  • Forgetting to restart Elasticsearch after configuration changes.

Always verify your certificate files and permissions before restarting.

yaml
### Wrong: Missing xpack.security.enabled
xpack.security.http.ssl:
  enabled: true
  key: /wrong/path/key.pem
  certificate: /wrong/path/cert.pem

### Right:
xpack.security.enabled: true
xpack.security.http.ssl:
  enabled: true
  key: /correct/path/key.pem
  certificate: /correct/path/cert.pem
📊

Quick Reference

SettingDescriptionExample Value
xpack.security.enabledEnable Elasticsearch security featurestrue
xpack.security.http.ssl.enabledEnable HTTPS for HTTP layertrue
xpack.security.http.ssl.keyPath to private key file/etc/elasticsearch/certs/elasticsearch.key
xpack.security.http.ssl.certificatePath to SSL certificate file/etc/elasticsearch/certs/elasticsearch.crt
xpack.security.http.ssl.certificate_authoritiesPath to CA cert(s) for validation["/etc/elasticsearch/certs/ca.crt"]

Key Takeaways

Enable HTTPS by setting xpack.security.http.ssl.enabled to true in elasticsearch.yml.
Provide correct paths to your SSL certificate, private key, and CA files.
Ensure xpack.security.enabled is true to activate security features.
Restart Elasticsearch after making configuration changes to apply HTTPS.
Check file permissions and paths carefully to avoid startup errors.

Related by keyword

Elasticsearch vs MongoDB: Key Differences and When to Use EachGetting StartedElasticsearch vs PostgreSQL: Key Differences and When to Use EachGetting StartedElasticsearch vs Redis: Key Differences and When to Use EachGetting StartedElasticsearch vs Solr: Key Differences and When to Use EachGetting StartedHow to Check if Elasticsearch is Running: Simple StepsGetting Started

Up next

What is Ingest Pipeline in Elasticsearch: Explanation and ExampleLogstash vs Ingest Pipeline: Key Differences and When to Use EachHow to Fix Circuit Breaker Exception in ElasticsearchHow to Fix Cluster Red Status in Elasticsearch Quickly

More in Security

How to Create User in Elasticsearch: Step-by-Step GuideHow to Enable Security in Elasticsearch: Step-by-Step GuideHow to Set Up Authentication in Elasticsearch QuicklyHow to Use API Key in Elasticsearch for Secure Access