Configure the IBM Connections™
deployment's Metrics SSL settings to connect to the new stand-alone Elasticsearch
instance.
Before you begin
This task only applies to a stand-alone Elasticsearch deployment where type-ahead search was not
enabled. If you previously enabled type-ahead search for Elasticsearch, skip this task because you
have already completed these steps. If you installed Elasticsearch as part of the Component Pack for
Connections, skip this task because it does not apply.
Procedure
- To ensure a secure connection, retrieve the PKCS12 and CA Signer certificates from the
  Elasticsearch server.
  Note: If you are migrating from the Component Pack version of Elasticsearch, do not overwrite your
  previous keys and certificates.
- Copy the certificate files to the Deployment Manager in a common location readable and writable
  by all WebSphere® Application Server nodes.
- Open wsadmin, making sure that you use the -lang jython option. For example,
  on Unix, run the following commands to open wsadmin:

      cd /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin
      ./wsadmin.sh -lang jython
- Run the following commands to merge the signer certificate into the
  elasticsearch-metrics.p12 keystore:

      execfile('esSecurityAdmin.py')
      enableSslForMetrics('KEYSTORE_FULL_PATH', 'STORE_PASSWORD', 'SIGNER_CA_FULL_PATH', 'ELASTICSEARCH_HTTPS_PORT')
      quit

  For example:

      execfile('esSecurityAdmin.py')
      enableSslForMetrics('/opt/IBM/elasticsearch-metrics.p12', 'Elasticsearch_CA_password', '/opt/IBM/chain-ca.pem', '9200')
- Copy the updated elasticsearch-metrics.p12 file from the Deployment
  Manager to the same location on the WebSphere Application Server nodes.
- If you are using type-ahead search on a separate cluster, add the SSL configuration as
  explained in Setting up certificates for type-ahead search.
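
A pre-flight check that can be run on the Deployment Manager before calling enableSslForMetrics, to confirm that the keystore opens with the store password and that the signer file is a usable CA certificate. This is an added example, not IBM-supplied code: the function names and the script name preflight.sh are hypothetical, it assumes the openssl command-line tool is installed, and it assumes the certificate in the keystore was issued by the signer chain.

```shell
#!/bin/sh
# Added example (not IBM code): sanity-check the keystore and signer file
# before they are passed to enableSslForMetrics. Assumes the openssl CLI.

# Succeeds only if the PKCS12 keystore opens with the given password.
check_keystore() {    # $1 = keystore path, $2 = store password
    STORE_PW="$2" openssl pkcs12 -in "$1" -passin env:STORE_PW \
        -nokeys -noout >/dev/null 2>&1
}

# Prints the number of certificates in the signer PEM file.
count_signer_certs() {    # $1 = signer PEM path
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null
}

# Succeeds if the first certificate in the file is unexpired and marked CA:TRUE.
signer_is_valid_ca() {    # $1 = signer PEM path
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1 || return 1
    openssl x509 -in "$1" -noout -text 2>/dev/null | grep -q 'CA:TRUE'
}

# Assumption: the keystore's own certificate was issued by the signer chain.
keystore_cert_chains_to_signer() {    # $1 = keystore, $2 = password, $3 = signer PEM
    STORE_PW="$2" openssl pkcs12 -in "$1" -passin env:STORE_PW \
        -nokeys -clcerts 2>/dev/null |
        openssl verify -CAfile "$3" >/dev/null 2>&1
}

# Runs every check in order; the return code identifies the first failure.
preflight() {    # $1 = keystore, $2 = password, $3 = signer PEM
    check_keystore "$1" "$2" ||
        { echo "keystore does not open with this password" >&2; return 1; }
    [ "$(count_signer_certs "$3")" -ge 1 ] 2>/dev/null ||
        { echo "no PEM certificate in signer file" >&2; return 2; }
    signer_is_valid_ca "$3" ||
        { echo "signer is expired or not a CA certificate" >&2; return 3; }
    keystore_cert_chains_to_signer "$1" "$2" "$3" ||
        { echo "keystore certificate does not verify against signer" >&2; return 4; }
    echo "OK: keystore and signer file are consistent"
}

# Usage: STORE_PASSWORD=... sh preflight.sh KEYSTORE_FULL_PATH SIGNER_CA_FULL_PATH
if [ "$#" -eq 2 ] && [ -n "${STORE_PASSWORD:-}" ]; then
    preflight "$1" "$STORE_PASSWORD" "$2"
fi
```

The store password is read from the environment rather than a command-line argument so that it does not appear in the process list while the checks run.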