Configuring the Metrics SSL settings for Elasticsearch
Configure the HCL Connections™ deployment's Metrics SSL settings to connect to the new stand-alone Elasticsearch instance.
Before you begin
This task only applies to a stand-alone Elasticsearch deployment where type-ahead search was not enabled. If you previously enabled type-ahead search for Elasticsearch, skip this task because you have already completed these steps. If you installed Elasticsearch as part of the Component Pack for Connections, skip this task because it does not apply.
Procedure
-
To ensure a secure connection, retrieve the PKCS12 and CA Signer certificates from the
Elasticsearch server.
Note: If you are migrating from the Component Pack version of Elasticsearch, do not overwrite your previous keys certificates.
- Copy the certificate files to the Deployment Manager in a common location readable and writable by all WebSphere® Application Server nodes.
-
Open wsadmin, making sure that you use the -lang jython option. For example,
on Unix, run the following commands to open wsadmin:
cd /opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin ./wsadmin.sh -lang jython
-
Run the following commands to merge the signer certificate into the
elasticsearch-metrics.p12
keystore:execfile('esSecurityAdmin.py') enableSslForMetrics('KEYSTORE_FULL_PATH', 'STORE_PASSWORD', 'SIGNER_CA_FULL_PATH', 'ELASTICSEARCH_HTTPS_PORT') quit
For example:execfile('esSecurityAdmin.py') enableSslForMetrics('/opt/IBM/elasticsearch-metrics.p12', 'Elasticsearch_CA_password', '/opt/IBM/chain-ca.pem', '9200')
- Copy the updated elasticsearch-metrics.p12 file from the Deployment Manager to the same location on the WebSphere® Application Server nodes.
- If you are using type-ahead search on a separate cluster, add the SSL configuration as explained in Setting up certificates for type-ahead search.