We are going to use an ES cluster with PKI-based authentication. Our POC setup will be 3 master nodes and 5 data nodes.
Our organization will not allow self-signed certificates, so we have to generate the CSR.
So we followed the steps below. Is that the correct approach? How can we accomplish multiple PKI certificates via the CSR? We don't have a load balancer, and the DNS is registered with the hostname, not with the CN name.
- Generated the CSR by passing the instance.yml (values as below):

    instances:
      - name: "CN=abc.global.com,O=abc,OU=global,L=global,ST=global,C=abc"
        ip: ['x.x.x.x','x.x.x.x','x.x.x.x','x.x.x.x','x.x.x.x']
        dns: ['node1.global.com','node2.global.com'...]
        filename: "abc.csr"

- Requested the digital signature.
- Once the cert was received, configured the SSL CA (combination of root and intermediate cert), the SSL cert as the SSL certificate, and the SSL key as the private key of the CSR:

    xpack.security.http.ssl.key: node.key
    xpack.security.http.ssl.certificate: node.crt
    xpack.security.http.ssl.certificate_authorities: ca.crt

- Created a realm to match:

    CN=abc
question from:
https://stackoverflow.com/questions/65944522/can-we-generate-multiple-certificate-for-pki-based-authentication-using-csr-el
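An added example, not part of the original question: a script that writes an instances file with one entry per node, so that a single `elasticsearch-certutil csr --in` run produces a separate key and CSR for each node, each carrying that node's own hostname in the SAN. The node inventory, the 192.0.2.x addresses and the helper name `build_instances_yaml` are constructed for illustration; the DN suffix is the one shown in the question.

```python
import ipaddress
import re

# Hostname syntax check: dot-separated labels of letters, digits and hyphens.
_HOST_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$", re.I
)


def build_instances_yaml(nodes, dn_suffix):
    """Return instances.yml text with one entry (one CSR/key pair) per node.

    nodes: list of (filename, fqdn, ip) tuples (hypothetical inventory format).
    dn_suffix: the part of the subject DN that follows the CN.
    """
    seen = set()
    lines = ["instances:"]
    for filename, fqdn, ip in nodes:
        if not _HOST_RE.match(fqdn):
            raise ValueError(f"not a valid hostname: {fqdn!r}")
        ipaddress.ip_address(ip)  # raises ValueError on a malformed address
        if filename in seen:
            # Two entries with the same filename would collide in the output.
            raise ValueError(f"duplicate filename: {filename!r}")
        seen.add(filename)
        lines += [
            f'  - name: "CN={fqdn},{dn_suffix}"',
            f"    dns: ['{fqdn}']",
            f"    ip: ['{ip}']",
            f'    filename: "{filename}"',
        ]
    return "\n".join(lines) + "\n"


# Constructed inventory: 3 master + 5 data nodes, documentation-range IPs.
SAMPLE_NODES = [
    (f"node{i}", f"node{i}.global.com", f"192.0.2.{10 + i}") for i in range(1, 9)
]
DN_SUFFIX = "O=abc,OU=global,L=global,ST=global,C=abc"  # from the question

if __name__ == "__main__":
    print(build_instances_yaml(SAMPLE_NODES, DN_SUFFIX), end="")
```
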