Learn how to enable HTTPS in Elasticsearch.


  1. Create the Elasticsearch keystore file using the commands below:
    1. cd /etc/elasticsearch
    2. <JRE_HOME>/bin/keytool -genkeypair -keystore keystore.jks -dname "CN=<FQDN>, OU=<Org Unit>, O=<Org Name>, L=<City>, ST=<State>, C=<Country>" -keypass readonlyrest -storepass readonlyrest -keyalg RSA -alias <alias name> -storetype PKCS12 -ext SAN=dns:<FQDN>,ip:<IP Address>
  2. To enable ReadonlyREST's SSL stack, open elasticsearch.yml and add the line below:
     http.type: ssl_netty4
  3. In readonlyrest.yml add the following settings:
    keystore_file: "keystore.jks"
    keystore_pass: readonlyrest
    key_pass: readonlyrest

    The keystore should be stored in the same directory as elasticsearch.yml and readonlyrest.yml.

  4. Restart Elasticsearch.
  5. Repeat steps 1-4 for each instance of Elasticsearch in the cluster.
  6. Export the certificate from the keystore of each Elasticsearch instance using the commands below:
    1. cd /etc/elasticsearch
    2. <JRE_HOME>/bin/keytool -export -keystore /etc/elasticsearch/keystore.jks -storepass readonlyrest -alias <alias name> -rfc > /root/esdb.crt
  7. Create the /opt/ssl directory on the installation server.
  8. Copy the esdb.crt file from each Elasticsearch instance to the /opt/ssl directory on the installation server.
    Note: The /opt/ssl/esdb.crt file on the installation server must contain the consolidated certificates of all Elasticsearch instances in the cluster.
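
One way to build the consolidated /opt/ssl/esdb.crt from steps 6-8 is sketched below. It is an added example, not part of the original procedure. The function names build_bundle and count_certs and the per-node input file names are assumptions; the script checks that each copied file holds exactly one PEM certificate and no private key before merging.

```bash
#!/bin/sh
# Added example: consolidate per-node certificates into one bundle.
# Usage: build_bundle /opt/ssl/esdb.crt node1.crt node2.crt ...
build_bundle() {
    local out tmp seen f body key rc
    out=$1; shift
    [ "$#" -gt 0 ] || { echo "no node certificates given" >&2; return 2; }
    tmp=$(mktemp) && seen=$(mktemp) || return 1
    rc=0
    for f in "$@"; do
        if [ ! -r "$f" ]; then
            echo "$f: not readable" >&2; rc=3; break
        fi
        # keytool -export emits only the certificate; a private key here
        # means the wrong file was copied off the node.
        if grep -q 'PRIVATE KEY' "$f"; then
            echo "$f: contains private key material" >&2; rc=4; break
        fi
        # Each exported file must hold exactly one PEM certificate.
        if [ "$(grep -c '^-----BEGIN CERTIFICATE-----' "$f")" -ne 1 ] ||
           [ "$(grep -c '^-----END CERTIFICATE-----' "$f")" -ne 1 ]; then
            echo "$f: expected exactly one PEM certificate" >&2; rc=5; break
        fi
        # Drop CRs and anything outside the PEM block.
        body=$(tr -d '\r' < "$f" |
               sed -n '/^-----BEGIN CERTIFICATE-----/,/^-----END CERTIFICATE-----/p')
        # Skip a certificate already in the bundle (same node copied twice).
        key=$(printf '%s' "$body" | tr -d '\n')
        if grep -qxF -e "$key" "$seen"; then continue; fi
        printf '%s\n' "$key" >> "$seen"
        printf '%s\n' "$body" >> "$tmp"
    done
    rm -f "$seen"
    if [ "$rc" -ne 0 ]; then rm -f "$tmp"; return "$rc"; fi
    # The bundle holds public certificates only, so world-readable is fine.
    chmod 644 "$tmp" && mv "$tmp" "$out"
}

# Number of certificates in a bundle; compare with the number of cluster nodes.
count_certs() { grep -c '^-----BEGIN CERTIFICATE-----' "$1"; }
```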