OpenSearch/x-pack/docs/en/security/securing-communications/securing-elasticsearch.asci...

33 lines
1.2 KiB
Plaintext
Raw Normal View History

[role="xpack"]
[[configuring-tls]]
=== Encrypting Communications in {es}
{security} enables you to encrypt traffic to, from, and within your {es} cluster.
Connections are secured using Transport Layer Security (TLS/SSL).
WARNING: Clusters that do not have encryption enabled send all data in plain text
including passwords and will not be able to install a license that enables {security}.
To enable encryption, you need to perform the following steps on each node in
the cluster:
. Verify that the `xpack.security.enabled` setting is `true`. For more
information, see <<security-settings>>.
. <<node-certificates, Generate a private key and X.509 certificate>>.
. Configure each node to:
.. Required: <<tls-transport,Enable TLS on the transport layer>>.
.. Recommended: <<tls-http,Enable TLS on the HTTP layer>>.
. If you are using Active Directory user authentication,
<<tls-active-directory,encrypt communications between {es} and your Active Directory server>>.
For more information about encrypting communications across the Elastic Stack,
see {xpack-ref}/encrypting-communications.html[Encrypting Communications].
include::node-certificates.asciidoc[]
include::tls-transport.asciidoc[]
include::tls-http.asciidoc[]
include::tls-ad.asciidoc[]