參考文章:https://blog.csdn.net/zk673820543/article/details/81781534
1.bin目錄下運行elasticsearch-certgen:
依次輸入生成cert.zip的文件名,節點信息和IP,會在當前目錄生成一個zip壓縮包
2.config目錄下新建cert文件夾,將壓縮包解壓到文件夾會發現ca文件和各個節點密匙文件夾
3.將解壓後的cert文件全部scp到其他節點
4.修改yml配置文件:不同節點指定自己節點的key和crt
xpack.security.transport.ssl.enabled: true
xpack.ssl.key: /home/ql/elasticsearch-6.5.4/config/certs/node1/node1.key
xpack.ssl.certificate: /home/ql/elasticsearch-6.5.4/config/certs/node1/node1.crt
xpack.ssl.certificate_authorities: /home/ql/elasticsearch-6.5.4/config/certs/ca/ca.crt