Remote Elasticsearch access with HTTPS
Airlock Gateway logs and system service logs are stored in an Elasticsearch database. Depending on the configuration, a local or remote Elasticsearch installation can be targeted.
When a remote Elasticsearch database is accessed over HTTPS, the server certificate is verified against the local system CAs (storage path /etc/pki/tls/certs/ca-bundle.crt).
The default port to access an Elasticsearch database over HTTPS is 9200.
If you are using a self-signed server certificate or a certificate issued by your own Root CA, you must place a file containing the CA certificate under:
Using multiple Elasticsearch URLs
If multiple Elasticsearch URLs are configured, e.g. elastic-remote1 and elastic-remote2, the file in the storage path for local certificates must be named after the first host, here /opt/airlock/custom-settings/syslog-ng/ca/elastic-remote1.crt.
According to our example, the elastic-remote1.crt file must contain two certificates: one for host elastic-remote1 and one for host elastic-remote2.
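The following shell functions are an added example, not part of Airlock Gateway or its documentation. They show one way to assemble a combined file such as elastic-remote1.crt and to check that it trusts both hosts before deploying it. The function names and input file names are hypothetical, and each input file is assumed to hold exactly one PEM-encoded certificate.

```shell
# Added example, not Airlock tooling. Function names are hypothetical.
# Assumption: every input file holds exactly one PEM-encoded certificate.

# build_bundle OUT CERT... : validate each input, then concatenate into OUT.
build_bundle() {
    local out="$1" tmp crt
    shift
    tmp=$(mktemp) || return 1
    for crt in "$@"; do
        # Reject anything that does not parse as an X.509 certificate.
        if ! openssl x509 -in "$crt" -noout 2>/dev/null; then
            echo "not a PEM certificate: $crt" >&2
            rm -f "$tmp"
            return 1
        fi
        # Re-encode so each block is clean PEM terminated by a newline.
        openssl x509 -in "$crt" >> "$tmp"
    done
    mv "$tmp" "$out"
}

# count_certs FILE : number of certificates in a PEM bundle.
count_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1"
}

# trusts BUNDLE CERT : succeeds if CERT chains to a certificate in BUNDLE.
trusts() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# make_selfsigned DIR NAME : constructed sample certificate for local testing.
make_selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# Usage (input file names are placeholders):
#   build_bundle elastic-remote1.crt ca-remote1.pem ca-remote2.pem
#   count_certs elastic-remote1.crt
```

A bundle built from only the first host's certificate makes trusts fail for the second host, which is the failure this naming rule is meant to prevent.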