There are numerous ways to authenticate to Elasticsearch, with the simplest one being using a username & password.
However, sometimes there's need for a certificate-based authentication, which this article discusses.
Step 1 - generate the client certificate
Note: the commands below generate certificates without passwords. It is recommended to protect the certificates with passwords.
SSH to one of the Elasticsearch nodes and
cd to the binaries folder, usually under
Generate a CA certificate (not required if you already use one, e.g. for encrypting communication):
Next generate the client certificate, replacing the name to match the user in your
elasticsearch-certutil cert --ca \
Copy the two certificates to the server running Sophie, to the following path (create if missing):
Open the Sophie web application and navigate to adding new data input. Select Elasticsearch.
Toggle "Advanced" settings, fillout the form specifying the full path-to-keystore files and the respective passwords (leave blank if no password):
Fill out the rest of the form as you would normally, and make sure to use
https:// as the schema in the server-url field.
That's it! Sophie should start reading from your cluster using the Client-Certificate provided.